b"\x0c\x0cDOC OIG SAR 11-07.qxd   11/27/07   1:36 PM   Page i\n\n\n\n\n                                                   IG\xe2\x80\x99s\n\n                                               Semiannual\n\n                                                  Report\n\n                                               to Congress\n\n\n\n                                                 September 2007\n\n\x0cDOC OIG SAR 11-07.qxd   11/27/07   1:36 PM   Page ii\n\x0cDOC OIG SAR 11-07.qxd      11/27/07   1:36 PM   Page iii\n\n\n\n\n              September 30, 2007\n\n              The Honorable Carlos M. Gutierrez\n              Secretary of Commerce\n              Washington, D.C. 20230\n\n\n              I am pleased to submit this Semiannual Report to Congress, which details the work and activities of the Office\n              of Inspector General for the 6-month period April 1, 2007, through September 30, 2007. The Inspector\n              General Act of 1978 requires that we prepare this report twice each year to summarize our assessments of\n              Commerce operations and that you transmit it, with any comments you may wish to add, to Congress within\n              30 days of receiving it.\n\n              On June 29, 2007, Johnnie Frazier retired after 37 years at the Department of Commerce, including nearly\n              three decades with the Office of Inspector General and nine years as Inspector General. OIG would like to\n              acknowledge Mr. Frazier\xe2\x80\x99s extraordinary dedication to public service during his lengthy federal career, and\n              express our appreciation for the many valuable contributions he made to this organization, the Department,\n              and the inspector general community. The office is continuing its efforts to promote integrity, efficiency, and\n              effectiveness in departmental programs and operations as we await the confirmation of a new inspector general.\n\n              Consistent with prior reporting periods, our work over the last six months addressed a number of the major\n              operational and programmatic priorities of the Department. We maintained our focus on information security \xe2\x80\x93\n              a top challenge for Commerce and the federal government as a whole \xe2\x80\x93 completing assessments under the Federal\n              Information Security Management Act, as well as reviews of the Census Bureau\xe2\x80\x99s IT security controls and property\n              management policies for the thousands of laptop computers used in its field and headquarters operations.\n\n              During this period, we also began to escalate our oversight of Census\xe2\x80\x99s preparations for the 2010 decennial,\n              completing a review of update/enumerate test operations on the Cheyenne River Reservation in South Dakota\n              and an evaluation of the bureau\xe2\x80\x99s progress in readying its workers\xe2\x80\x99 compensation program for the decennial. In\n              addition, we have initiated reviews of several aspects of the 2008 dress rehearsal and performance audits of two\n              multimillion-dollar contracts that are integral to decennial operations.\n\n              I thank you and your staff for your continued support of the work of this office, and the generous assistance\n              provided by senior managers throughout the Department during this period of transition.\n\n\n              Sincerely,\n\n\n\n              Elizabeth T. Barlow\n              Acting Inspector General\n\x0cDOC OIG SAR 11-07.qxd   11/27/07   1:36 PM   Page iv\n\x0cDOC OIG SAR 11-07.qxd      11/27/07       1:36 PM        Page v\n\n\n\n\n                                                                  CONTENTS\n\n              Acting IG\xe2\x80\x99s Message to Congress . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1\n\n\n              Major Challenges for the Department . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3\n\n                   Control the Cost and Improve the Accuracy of the Decennial Census . . . . . . . . . . . . . . . . . . . . . . . . . . 3\n\n                   Strengthen Department-Wide Information Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5\n\n                   Effectively Manage Departmental and Bureau Acquisition Processes . . . . . . . . . . . . . . . . . . . . . . . . . . . 7\n\n                   Strengthen Internal Controls over Financial, Programmatic, and Business Processes . . . . . . . . . . . . . . . 8\n\n                   Ensure that USPTO Uses Its Authorities and Flexibilities as a Performance-Based Organization\n\n                   to Achieve Better Results . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9\n\n                   Effectively Manage the Development and Acquisition of Environmental Satellites . . . . . . . . . . . . . . . . 10\n\n                   Promote U.S. Exports and Fair Competition in International Trade . . . . . . . . . . . . . . . . . . . . . . . . . . . 12\n\n                   Effectively Manage NOAA\xe2\x80\x99s Stewardship of Ocean and Living Marine Resources . . . . . . . . . . . . . . . . 13\n\n                   Aggressively Monitor Emergency Preparedness, Safety, and Security Responsibilities . . . . . . . . . . . . . . 14\n\n                   Enhance Export Controls for Dual-Use Commodities . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15\n\n\n              Agency Overviews\n                   Economic Development Administration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17\n\n                   Economics and Statistics Administration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21\n\n                   International Trade Administration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33\n\n                   National Institute of Standards and Technology . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39\n\n                   National Oceanic and Atmospheric Administration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41\n\n                   United States Patent and Trademark Office . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45\n\n                   Department-Wide Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47\n\n\n              Office of Inspector General . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49\n\n                   Office of Investigations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49\n\n                   Other OIG Activities . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 52\n\n                   Tables and Statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 53\n\n                   Reporting Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 60\n\n\n              Types of OIG Work Products . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 62\n\n\x0cDOC OIG SAR 11-07.qxd   11/27/07    1:36 PM    Page vi\n\n\n\n\n                                                                                                                         Photo by OIG\n                                   This lighted vault is one of the Herbert C. Hoover Building\xe2\x80\x99s many beautiful architectural features.\n\x0cDOC OIG SAR 11-07.qxd      11/29/07    10:38 AM    Page 1\n\n\n\n\n                      ACTING INSPECTOR GENERAL\xe2\x80\x99S\n\n                         MESSAGE TO CONGRESS\n\n              On behalf of the Department of Commerce Office               prevent unauthorized data access. On the latter\n              of Inspector General, I am pleased to submit our             point, we determined they did not.\n              Semiannual Report for the second half of fiscal\n              year 2007.                                                   We also found that Census property management\n                                                                           personnel gave inadequate attention to the laptop\n              A considerable amount of the work completed                  inventory, a situation the bureau has since rectified.\n              during this period was dictated by the Federal               Likewise, the Department\xe2\x80\x99s recent initiative to equip\n              Information Security Management Act, which                   all Commerce computers with \xe2\x80\x9cfull disk\xe2\x80\x9d encryption,\n              requires that we annually assess Commerce\xe2\x80\x99s efforts to       which secures all of a computer\xe2\x80\x99s data, should ensure\n              safeguard data processed by its computer systems and         that information on Census laptops is now protected.\n              networks. Meeting FISMA standards has proven a\n              difficult and costly challenge for many federal              Oversight of Census 2010 Activities\n              agencies. In FY 2007, the government spent\n              $5.2 billion to secure its total IT investment of            With roughly 2 years remaining until the 2010\n              approximately $64 billion.1 Yet progress has been            decennial census, we have escalated our oversight of\n              uneven across the board, and Commerce\xe2\x80\x94while                  the bureau\xe2\x80\x99s preparations, with reviews under way of\n              making significant headway\xe2\x80\x94has been among those              the 2008 dress rehearsal and of two multimillion-\n\n              We await the confirmation of a new inspector general and look forward to continuing the\n              productive partnership we have enjoyed with the Department and the improvements in\n              Commerce operations it has yielded.\n\n              that continue to struggle to adequately protect              dollar IT contracts. During this semiannual period,\n              systems and information from compromise. Our                 we completed an evaluation of the bureau\xe2\x80\x99s 2006\n              annual FISMA work has been important in gauging              update/enumerate test on the Cheyenne River\n              the nature and extent of problems and progress at the        Reservation and Off-Reservation Trust Land in South\n              various operating units, and for offering solutions to       Dakota (see page 25). We found, among other things,\n              achieve the Department\xe2\x80\x99s full compliance with the            that poor maps and incorrect address lists made it\n              law. (See pages 30, 36, and 41.)                             difficult for enumerators to find housing units and that\n                                                                           changes to the questionnaire designed to improve the\n              Complementing our FISMA evaluations during this              count had little impact on the final numbers.\n              semiannual period were our reviews of IT security\n              and property management at the Census Bureau in              We also followed up on Census\xe2\x80\x99s efforts to develop a\n              relation to the loss of several hundred Census laptop        workers\xe2\x80\x99 compensation strategy that addresses the\n              computers, many of which contained sensitive data.           unique challenges posed by temporary decennial\n              (See page 21.) Initiated at the request of Secretary         hires who are hurt on the job\xe2\x80\x94a strategy we\n              Gutierrez, our reviews sought to determine how the           recommended in a 2006 Department-wide review of\n              breakdown in property management occurred and                workers\xe2\x80\x99 compensation. We found that the bureau as\n              whether the laptops had adequate security controls to        yet has no such strategy in place. (See page 29.) With\n                                                                           dress rehearsal activities already under way, Census\n                                                                           runs the risk of seeing its injured, short-term\n              1\n                  http://www.whitehouse.gov/omb/egov/documents/            decennial employees become long-term benefits\n                  FY07ITBudgetRollout.pdf                                  recipients unless it quickly implements a program\n\n\n                                                                       1\n\x0cDOC OIG SAR 11-07.qxd   11/27/07     1:36 PM    Page 2\n\n\n\n\n              Acting Inspector General\xe2\x80\x99s Message to Congress                          September 2007\xe2\x80\x94Semiannual Report to Congress\n\n\n\n              that offers suitable job opportunities for those who          senior Department officials as these reviews progress\n              are able to return to work.                                   to facilitate their efforts to address any shortcomings\n                                                                            that may be deemed critical.\n              Other Areas of Focus\n                                                                            OIG Leadership in Transition\n              Finally, audits of Commerce financial assistance\n              recipients identified millions of dollars in questioned       It has been a privilege to serve as acting inspector\n              costs and funds to be put to better use. (See pages           general during the final 3 months of this reporting\n              17-19 and 39.) And our evaluation of the National             period, following the retirement of Johnnie Frazier\xe2\x80\x94\n              Export Strategy\xe2\x80\x94which the Department takes the                our IG for the past 9 years, and a highly regarded\n              lead in developing\xe2\x80\x94determined that it lacks the               Commerce employee for his entire 37-year career in\n              specificity required to foster integrated government-         public service. I wish to acknowledge with gratitude\n              wide trade promotion activities. (See page 33).               the spirit of collaboration that has marked our\n                                                                            interactions with Commerce officials as we\xe2\x80\x99ve\n              Work under way in other areas\xe2\x80\x94such as oversight of            conducted our work during this time of transition.\n              the GOES-R satellite program and NOAA\xe2\x80\x99s                       We await the confirmation of a new inspector general\n              management of the Fisheries Finance Loan                      and look forward to continuing the productive\n              Program\xe2\x80\x94is pointing to a number of actions needed             partnership we have enjoyed with the Department\n              to improve program operations and protect the                 and the improvements in Commerce operations it\n              federal investments at stake. We are consulting with          has yielded.\n\n\n\n\n                                                                        2\n\x0cDOC OIG SAR 11-07.qxd   11/27/07   1:36 PM   Page 3\n\n\n\n\n                                 MAJOR CHALLENGES\n\n                                FOR THE DEPARTMENT\n\n              This section highlights the Top 10 Management                Challenge 1\n              Challenges that faced the Department at the close of\n              this semiannual period. Each challenge meets one or          Control the Cost and\n              more of the following criteria: (1) it is important to\n              the Department\xe2\x80\x99s mission or the nation\xe2\x80\x99s well-being,\n                                                                           Improve the Accuracy\n              (2) it is complex, (3) it involves sizable resources         of the Decennial Census\n              or expenditures, or (4) it requires significant\n              management improvements. Because of the diverse              The Census Bureau\xe2\x80\x99s redesigned decennial plan,\n              nature of Commerce activities, these criteria                established after the 2000 census, is heavily\n              sometimes cut across bureau and program lines.               dependent on automating critical field operations\n              Experience has shown that by aggressively addressing         to accurately count the nation\xe2\x80\x99s population\n              these challenges, the Department can enhance                 within budget. After conducting a series of tests\n              program efficiency and effectiveness; eliminate              throughout the decade, the bureau has begun a\n              serious operational problems; decrease fraud, waste,         \xe2\x80\x9cdress rehearsal\xe2\x80\x9d or dry run of the upcoming 2010\n              and abuse; and achieve substantial savings.                  census, which will produce an unofficial count for\n                                                                           two sites: San Joaquin County, California, and eight\n                                                                           counties surrounding Fayetteville, North Carolina.\n                TOP 10 MANAGEMENT CHALLENGES                               The local census office for each site opened in\n                                                                           April 2007.\n                 1. Control the cost and improve the accuracy\n                    of the decennial census.                               During the past year, we monitored various aspects\n                 2. Strengthen Department-wide information\n                of the bureau\xe2\x80\x99s decennial operations: we com\xc2\xad\n                    security.\n                                             pleted our evaluation of the 2006 test of\n                                                                           update/enumerate at the Cheyenne River\n                 3. Effectively manage departmental and bureau             Reservation and conducted a follow-up review of\n                    acquisition processes.                                 the bureau\xe2\x80\x99s progress in readying its workers\xe2\x80\x99\n                 4. Strengthen internal controls over financial,           compensation program for the 2010 decennial (see\n                    programmatic, and business processes.                  pages 25 and 29). We also have initiated two\n                 5. Ensure that USPTO uses its authorities and             reviews of the 2008 dress rehearsal, one assessing\n                    flexibilities as a performance-based                   the effectiveness of address canvassing procedures\n                    organization to achieve better results.                in improving the accuracy of the address list and\n                                                                           maps, and the other evaluating the capabilities and\n                 6. Effectively manage the development and\n\n                                                                           performance of the technology that supports this\n                    acquisition of environmental satellites.\n\n                                                                           operation. And we are auditing two multimillion-\n                 7. Promote U.S. exports and fair competition              dollar contracts: Field Data Automation Collection\n                    in international trade.                                (FDCA) and the Decennial Response Integration\n                 8. Effectively manage NOAA\xe2\x80\x99s stewardship of               System (DRIS), which are being used to acquire IT\n                    ocean and living marine resources.                     devices and services that are critical to the success\n                 9. Aggressively monitor emergency preparedness,           of the reengineered census.\n                    safety, and security responsibilities.\n                10. Enhance export controls for dual-use\n                    commodities.\n\n\n\n                                                                       3\n\x0cDOC OIG SAR 11-07.qxd   11/27/07     1:36 PM    Page 4\n\n\n\n\n              Major Challenges for the Department                                           September 2007\xe2\x80\x94Semiannual Report to Congress\n\n\n\n\n              Counting American Indians                                       Improving the Workers\xe2\x80\x99 Compensation\n              on Reservations                                                 Program at Census\n              Counting American Indians living on reservations                                                In our March 2006\n              such as the one selected for the 2006 test of                                                   Semiannual Report (page 39\xc2\xad\n              update/enumerate can be challenging because these                                               41), we discussed the results\n              sites often contain many unnamed streets and                                                    of our review of Commerce\xe2\x80\x99s\n              unnumbered houses and encompass large, rural areas                                              workers\xe2\x80\x99 compensation pro\xc2\xad\n              punctuated by small communities. In addition,                                                   gram,2 which included recom\xc2\xad\n              multiple families often share a single housing unit,                                            mendations that the Census\n              and getting an accurate count of the entire household                                           Bureau and the Department\n              is difficult. In update/enumerate census-takers go                                              develop a comprehensive\n              door to door to collect population information and                                              workers\xe2\x80\x99 compensation pro\xc2\xad\n              update address lists and maps. We evaluated the test\xe2\x80\x99s                                          gram for the 2008 dress\n              conduct and outcomes, particularly with regard to                                               rehearsal and the 2010\n              the impact of a new query on the census form                                                    decennial. The bureau paid\n              designed to improve the count of all household                                                  almost $14.2 million in\n              members (\xe2\x80\x9cwithin-household coverage\xe2\x80\x9d). We looked                                                workers\xe2\x80\x99 compensation bene\xc2\xad\n              at the success of the overall operation in accurately                                           fits during the 2000 census\n              enumerating the reservation population.                           www.census.gov/2010census/dx- and continues to pay\n                                                                                            261-cafinalnr.pdf\n                                                                                                              millions of dollars to\n              Overall, we found the new query had little impact on                                            decennial workers still on the\n              reservation enumerations. We also found many                    rolls. The unique nature of intermittent work at\n              problems caused by the poor quality of Census maps              Census complicates administration of the program,\n              and address list information collected during the               so we urged the bureau and the Department to\n              address canvassing operation, which preceded                    develop a strategy to contain these costs for the\n              update/enumerate, and Census\xe2\x80\x99s decision not to                  upcoming decennial.\n              equip enumerators with GPS navigation tools in this\n              geographically challenging environment. Given that              During this semiannual period we assessed the\n              Census did little to test alternative enumeration               bureau\xe2\x80\x99s progress in implementing our 2006\n              methods, we question whether the bureau devoted                 recommendations for developing a program,\n              adequate time and attention to the 2006 effort.                 identifying ways to contain related costs for the 2008\n                                                                              dress rehearsal and 2010 decennial operations,\n              With the countdown to the 2010 census accelerating,             returning current claimants to work, when feasible,\n              the bureau\xe2\x80\x99s time for modifying plans and ensuring              and implementing training and other management\n              an accurate, cost-effect count of all Americans is              controls and oversight to minimize unnecessary\n              growing short. We recommended that Census, at the               workers\xe2\x80\x99 compensation costs.\n              very least, give enumerators usable, legible maps and\n              sufficiently detailed address lists on a consistent basis       We found the bureau had yet to implement a strategy\n              and consider giving enumerators a GPS device for                for returning current claimants to work or for\n              navigation\xe2\x80\x94either the handheld computer slated for              managing a workers\xe2\x80\x99 compensation program tailored\n              Census 2010 or an inexpensive off-the-shelf model.              specifically to the staffing challenges posed by\n              This latter step would go a long way toward                     decennial operations. Census officials have recently\n              improving the accuracy and efficiency of                        advised us they\xe2\x80\x99ve taken preliminary steps to return\n              update/enumerate. We further recommended                        some claimants to work and have reached internal\n              assigning a senior headquarters official specific               agreement on a regionally based return-to-work\n              responsibility for improving 2010 American Indian\n              enumeration efforts. (See page 25.)                             2\n                                                                                  Management of Commerce\xe2\x80\x99s Federal Workers\xe2\x80\x99 Compensation\n                                                                                  Program Needs Significant Improvement, IPE-17536\n\n\n\n                                                                          4\n\x0cDOC OIG SAR 11-07.qxd   11/27/07    1:36 PM    Page 5\n\n\n\n\n              September 2007\xe2\x80\x94Semiannual Report to Congress                                         Major Challenges for the Department\n\n\n\n              program and an integrated program strategy. The                 Challenge 2\n              bureau must now work with the Department\xe2\x80\x99s\n              human resources office and with Labor Department                Strengthen Department-Wide\n              officials to finalize and implement its strategy. It must\n              also identify the resources needed to handle the\n                                                                              Information Security\n              anticipated caseload of workers injured during 2010\n              decennial operations. (See page 29.)                            The continuing expansion of information technology\n                                                                              means federal agencies face ever-increasing challenges\n                                                                              in performing their missions while providing for the\n                                                                              security of their sensitive information. Since\n              Assessing the 2008 Address\n                                                                              enactment of FISMA in 2002, agencies have spent\n              Canvassing Dress Rehearsal                                      millions of dollars to improve the security of\n                                                                              information on their computer systems and shared\n              The dress rehearsal is a final opportunity to ensure            via the Internet. Yet weaknesses persist and breaches\n              that decennial components work together as planned.             continue. At the Department of Commerce, IT\n              We are currently evaluating the address canvassing              security has been reported as a material weakness\n              portion of dress rehearsal, which took place from               under the Federal Managers Financial Integrity Act\n              May through June 2007.                                          since 2001.\n\n              During address canvassing, temporary staff equipped             The system security certification process is supposed\n              with handheld computers go into the field to verify,            to provide officials with complete, accurate, and\n              update, add, or remove addresses; add and delete                trustworthy information on a system\xe2\x80\x99s security status\n              streets to correct computer maps; and annotate                  so they can make timely, credible, risk-based\n              address locations on the maps. The operation                    decisions on whether to authorize operation. Our\n              produces an updated, comprehensive file of addresses            reviews of the Department\xe2\x80\x99s certification and\n              and physical locations where people live or stay. We            accreditation (C&A) packages continue to find a\n              are assessing whether fieldworkers consistently                 process that does not adequately identify and assess\n              followed procedures and made appropriate                        needed security controls. As a result, authorizing\n              corrections on the handheld computer, and whether\n              the redesigned quality control component improved\n              the quality of the address list.                                           Why Is C&A Important?\n                                                                               Certification is a comprehensive assessment of\n              In a separate review, we are looking at the technology           security controls implemented in a computer\n              supporting the operation. Our observations thus far              system. It determines whether controls are\n              suggest that key automation capabilities have greatly            implemented correctly, operating as intended,\n              improved since the 2004 and 2006 site tests. But we              and meeting the security requirements for the\n              observed other problems. For example, handheld                   system. Through the formal assessment of\n              computer functions frequently froze, processing of               controls, the system certifier identifies any\n              large address lists was slow, and help desk support for          vulnerabilities that have not been eliminated by\n              resolving users\xe2\x80\x99 computer problems was inadequate.               security controls.\n              The bureau and its FDCA contractor are aware of\n              these problems and are working to resolve them. We               Accreditation is management\xe2\x80\x99s formal authori\xc2\xad\n              will detail our findings and recommendations in the              zation to allow a system to operate. It includes an\n              next semiannual report.                                          explicit acceptance of the risks posed by any\n                                                                               identified remaining vulnerabilities. Through\n                                                                               accreditation, senior agency officials take\n                                                                               responsibility for the security of systems they\n                                                                               manage and for any adverse impacts should a\n                                                                               breach in security occur.\n\n\n\n\n                                                                          5\n\x0cDOC OIG SAR 11-07.qxd   11/27/07     1:36 PM    Page 6\n\n\n\n\n              Major Challenges for the Department                                       September 2007\xe2\x80\x94Semiannual Report to Congress\n\n\n\n              officials do not have the information they need to             certification agents and the authorizing official\n              make sound accreditation decisions.                            without adequate information about remaining\n                                                                             vulnerabilities. (See page 45.) Therefore, we also\n              Beginning in FY 2005, Commerce\xe2\x80\x99s Office of the                 recommended that USPTO, which submits its\n              Chief Information Officer (OCIO) instituted a                  performance and accountability report separately,\n              quality assurance process that involved reviewing              again report IT security as a material weakness.\n              C&A packages for agency (as opposed to contractor)\n              systems, working with the bureaus to eliminate noted           Senior management officials in the Department and\n              deficiencies, and forwarding to OIG packages                   USPTO are keenly aware and supportive of the need\n              considered acceptable for FISMA review. For FY                 for improving the IT security program. The\n              2007, we received packages for eight agency systems            Department CIO has placed a great deal of emphasis\n              reviewed by OCIO as of our cutoff date in early June.          on improving C&A and is taking significant actions\n                                                                             to improve the process. Likewise, USPTO\xe2\x80\x99s CIO has\n                                                                             devoted considerable personal attention and\n              FY 2007 FISMA Review                                           resources to improving C&A. These efforts\n                                                                             demonstrate a high level of commitment;\n              We looked at a total of six C&A packages\xe2\x80\x94three of              unfortunately, their benefits have yet to translate into\n              which had been reviewed by OCIO in FY 2007; one                C&A processes that consistently produce packages\n              reviewed in FY 2006 but sent to us late in the fiscal          showing adequate implementation of the required\n              year; and two contractor systems, which had not                baseline level of security for the Department\xe2\x80\x99s more\n              undergone OCIO\xe2\x80\x99s quality review. We assessed all               than 300 IT systems.\n              components of each package and met with agency\n              and contractor staff to discuss apparent omissions or\n              clarify discrepancies in the documentation and gain            Lost Laptops Prompt Assessment of IT\n              further insight into the extent of the security controls       Security at Census\n              assessment. We gave particular weight in our review\n              to evidence supporting the rigor and completeness of           The widely publicized loss of hundreds of Census\n              the assessment.                                                laptops between 2001 and 2006 prompted our office,\n                                                                             at the request of Secretary Gutierrez, to assess the\n              We concluded that only two of the six packages                 bureau\xe2\x80\x99s IT security controls for protecting personally\n              adequately complied with FISMA, OMB policy,                    identifiable information, along with the bureau\xe2\x80\x99s\n              NIST guidelines, and agency IT security policy. Both           property management policies and practices (see page\n              were for agency systems. But we noted continued                21). Our assessment of the security controls focused\n              improvement in security plans for all the systems,             on the laptop computers used by about 5,500 Census\n              particularly in the identification of system                   field representatives to conduct censuses and surveys\n              components. We also found improvement in the                   prior to implementation of full disk encryption. We\n              assessment of security controls in the two compliant           found that personally identifiable information could\n              systems. However, the remaining four systems had               be recovered from Census\xe2\x80\x99s lost or stolen laptops\n              serious deficiencies in their controls assessment,             using software tools available on the Internet. Given\n              particularly in the testing of operational and technical       how the laptops are used in the field, it is likely that\n              controls. (See pages 30, 31, and 41.) That being the           some were not encrypted when lost or stolen, leaving\n              case, we again recommended IT security be reported             confidential information readily accessible. Our\n              as a material weakness within Commerce.                        report identifies additional IT security weaknesses\n                                                                             that further increase risk to personally identifiable\n              Two USPTO packages were included in our review                 information.\n              sample\xe2\x80\x94one for an agency system and one for a\n              contractor system. Both lacked sufficient evidence to          Census has taken significant steps to improve IT\n              confirm that operational and technical controls are in         security and better protect its sensitive information,\n              place and operating as intended, leaving the                   and has been extremely responsive in correcting the\n\n\n                                                                         6\n\x0cDOC OIG SAR 11-07.qxd   11/27/07   1:36 PM    Page 7\n\n\n\n\n              September 2007\xe2\x80\x94Semiannual Report to Congress                                                 Major Challenges for the Department\n\n\n\n              IT security weaknesses we identified. However, in an                   funding contracts, preparing and maintaining cost\n              era of increasing IT security requirements and highly                  estimates, performing effective market research,\n              constrained resources, the bureau faces considerable                   ensuring full and open competition whenever\n              challenges in carrying out its IT security program.                    possible, using earned value management to measure\n                                                                                     progress, establishing effective award fee plans, and\n              The Department has also taken several significant                      selecting the appropriate contract types.\n              steps to secure personally identifiable information: it\n              required that all Commerce laptops be fully                            Continuity and consistency in acquisition\n              encrypted during FY 2007 and selected a product for                    management and oversight are essential to ensuring\n              implementing two-factor authentication, which uses                     the government timely and cost-effectively gets what\n              a randomly generated pass code, along with the user\xe2\x80\x99s                  it pays for especially when making complex and\n              password, to control access to Commerce networks                       costly acquisitions. With that in mind, Commerce\n              from remote locations. In addition, it established an                  must ensure that high turnover in upper\n              Identity Theft Task Force of senior officials to ensure                management and other key acquisition positions at\n              rapid, appropriate response to actual or potential                     the Department and several of its agencies does not\n              data breaches involving personally identifiable                        affect the quality of the procurement process.\n              information.\n                                                                                     In addition, the Department has had a difficult time\n                                                                                     achieving discipline in the acquisition process over\n                                                                                     the past few years. Senior management must take a\n              Challenge 3                                                            serious look at the planning and execution processes\n                                                                                     for procurements and ensure agencies have the ability\n              Effectively Manage Departmental                                        to promptly hire and adequately train qualified\n                                                                                     acquisition staff.\n              and Bureau Acquisition Processes\n              Commerce spends nearly $2 billion a year to procure\n                                                                                     OIG\xe2\x80\x99s Efforts to Improve Contracting\n              goods and services so management and oversight of\n              the processes used must be superior. Past OIG audits                   Oversight\n              and evaluations have identified improvements the\n              Department needs to implement to fortify the                           In FY 2006, OIG established a contract audits\n              acquisition process. These include documenting                         division to oversee Commerce\xe2\x80\x99s acquisition activities.\n              program needs, validating requirements, fully                          The division will monitor the Department\xe2\x80\x99s most\n                                                                                     significant procurements on a continuing basis and\n                                                                                     conduct audits of those contracts as appropriate. The\n                                                                                     contract audits team will also scrutinize the\n                                                                                     Department\xe2\x80\x99s revision of departmental and bureau\n                                                                                     procurement policies to ensure they mirror current\n                                                                                     federal acquisition regulations and Office of\n                                                                                     Management and Budget circulars. In its reports, the\n                                                                                     team will recommend best practices and innovative\n                                                                                     approaches the Department should adopt.\n\n                                                                                     The contract audits division\xe2\x80\x99s initial area of emphasis\n                                                                                     has been the Census Bureau\xe2\x80\x99s procurement of\n                                                                                     products and services to support the 2010 decennial\n                                                                                     census. In April 2007, we began the first of a series of\n                                                       http://oam.ocs.doc.gov/       audits of the FDCA and DRIS contracts. FDCA is\n                                                                                     an effort to automate field data collection and\n                                                                                     provide logistics, training, and help desk support for\n\n\n                                                                                 7\n\x0cDOC OIG SAR 11-07.qxd   11/27/07     1:36 PM    Page 8\n\n\n\n\n              Major Challenges for the Department                                      September 2007\xe2\x80\x94Semiannual Report to Congress\n\n\n\n              12 regional centers, more than 450 local census                tasks performed to maintain and repair data buoys\n              offices, and up to 500,000 field staff who will                and other observation platforms for marine weather\n              conduct the decennial census. DRIS is intended to              forecasting. We expect to issue a report on this review\n              standardize and integrate data collected via paper             during the next semiannual period.\n              census forms, handheld computers, telephone\n              interviews, and other methods. These two contracts\n              have a combined value of $1.1 billion, representing\n              about 9.5 percent of the $11.5 billion in total                Challenge 4\n              estimated costs for the 2010 decennial census. The\n              first audit of these contracts will determine whether          Strengthen Internal Controls over\n              (1) the prime contractors\xe2\x80\x99 data deliverables were on\n              time and of acceptable quality, (2) the contracting\n                                                                             Financial, Programmatic, and\n              officers can promptly adjust the contract cost                 Business Processes\n              estimate to account for changes in cost and schedule,\n              and (3) both contracts contain effective award fee             To ensure operations are effective, efficient, and in\n              plans. In future audits, we will review the contractors\xe2\x80\x99       compliance with laws and regulations, agencies\n              costs for equipment and materials, their management            implement internal controls. These steps also make\n              of subcontractors, and contactor surveillance.                 certain that financial reporting is reliable and assets\n                                                                             are safeguarded from waste, loss, or misap\xc2\xad\n              In addition to its audit of the FDCA and DRIS                  propriation.\n              contract, the contract audits division is currently\n              monitoring several high-profile contracts within the           In the years since passage of the 1990 Chief Financial\n              Department, including the $200 million 2010                    Officers Act, Commerce has been working to fix\n              Census Communications Campaign contract. In                    financial management problems, including\n              anticipation of conducting an audit, we are                    overhauling accounting practices and consolidating\n              evaluating the bureau\xe2\x80\x99s contract administration,               several financial systems into one. The result has been\n              focusing on whether the contractor charges                     a more integrated system designed to give agency\n              appropriate labor rates and submits status reports on          managers current, accurate information.\n              costs and its progress against the program\xe2\x80\x99s schedule.\n              In June 2007, division staff met with the contracting\n              officer for that procurement to informally review the\n              processes the bureau used to solicit proposals and\n              make the award.\n                                                                                                                http://home.commerce.gov/ofm/\n\n\n\n              National Data Buoy Center                                      In FY 2006, agencies began implementing new\n                                                                             internal accounting controls required by OMB\xe2\x80\x99s\n              OIG is also examining a large contract administered            revised Circular A-123, and since FY 2004 they have\n              by the National Data Buoy Center, a part of the                had to issue audited financial statements within\n              National Weather Service that designs, develops,               45 days of the fiscal year\xe2\x80\x99s close. Commerce has\n              operates, and maintains a network of data-collecting           met this deadline each year since 2004, and has\n              ocean buoys and coastal stations. In 2005, the center          continued to receive a clean opinion on its\n              awarded a 5-year contract with potential for five 1\xc2\xad           consolidated statements.\n              year extensions worth up to $500 million for\n              technical services support for its marine observation          However, despite positive efforts made by the\n              network. Currently, an OIG inspection team is                  Department, the FY 2006 financial statement audit\n              reviewing the contract\xe2\x80\x99s structure and management              found that continued improvements are needed in its\n              by the National Oceanic and Atmospheric                        IT general control environment. Commerce also\n              Administration, including oversight of the associated          needs to ensure that the internal controls for programs\n\n\n                                                                         8\n\x0cDOC OIG SAR 11-07.qxd   11/27/07     1:36 PM    Page 9\n\n\n\n\n              September 2007\xe2\x80\x94Semiannual Report to Congress                                          Major Challenges for the Department\n\n\n\n              and business practices provide reasonable assurance              Evaluating Program and Accountable\n              that operations are effective and efficient and are\n                                                                               Property Controls\n              consistent with applicable laws and regulations.\n                                                                               Because the design and implementation of program\n                                                                               and property controls can significantly impact the\n              Establishing a Blueprint for Sound                               effectiveness of departmental operations, these\n              Management of New NTIA Programs                                  areas are an important focus of our audit and inspec\xc2\xad\n                                                                               tion work.\n              The Digital Television Transition and Public Safety\n              Act of 2005 requires the Federal Communications                  Our recent audit of EDA\xe2\x80\x99s revolving loan fund pro\xc2\xad\n              Commission to auction recovered analog spectrum                  gram revealed weak agency oversight, persistent\n              and deposit the proceeds into a special fund. A por\xc2\xad             problems, and millions in funds to be put to better\n              tion of the proceeds will be used to fund several new            use. EDA management responded with an action\n              programs within the National Telecommunications                  plan that assigns responsibility of the program to a\n              and Information Administration (NTIA). Under the                 single individual who can be held accountable for its\n              act, NTIA, one of the Department\xe2\x80\x99s smaller agencies,             operations, lays out a time frame with specific mile\xc2\xad\n              is slated to manage up to nine new programs, two of              stones addressing known problems as well as\n              which have potential combined budgets totaling                   establishing performance metrics that will allow sen\xc2\xad\n              $2.5 billion (a grant program for public safety inter\xc2\xad           ior management to better monitor the program.\n              operable communications and a converter box                      Since the report was issued, EDA has partnered with\n              coupon program).                                                 OIG to provide single audit training for EDA staff\n                                                                               involved in the management of revolving loan funds.\n              Successfully implementing these new programs is a\n                                                                               During this semiannual period, we completed an\n              significant management challenge for the\n                                                                               audit of the Census Bureau\xe2\x80\x99s accountable property\n              Department. We are sharing our expertise with\n                                                                               management policies and practices. We found the\n              NTIA to help it design strong, well-structured pro\xc2\xad\n                                                                               bureau had made considerable progress in correcting\n              grams that minimize the opportunities for fraud.\n                                                                               weaknesses by implementing initiatives directed by\n              During this period, we presented information on fed\xc2\xad\n                                                                               Commerce and on its own but still needs to make\n              eral audit requirements, cost principles, and\n                                                                               further improvements. (See page 23.)\n              matching share requirements at a June NTIA public\n              meeting and at September workshops for the\n                                                                               We recently initiated a review of accountable person\xc2\xad\n              56 states and territories receiving more than\n                                                                               able property at USPTO. We plan to issue a report of\n              $968 million in grants to improve interoperable com\xc2\xad\n                                                                               our findings during the next semiannual period.\n              munications of public safety agencies, including fire\n              and police departments and emergency medical\n              teams. In addition, Congress has enacted a new\n              statute requiring OIG to conduct an annual assess\xc2\xad\n              ment of the management of the public safety                      Challenge 5\n              interoperable communications program and to con\xc2\xad\n              duct financial audits over the next 4 years of a\n                                                                               Ensure that USPTO Uses Its\n              representative sample of at least 25 states or territories       Authorities and Flexibilities as a\n              receiving the public safety grants.\n                                                                               Performance-Based Organization\n              In August 2007, NTIA awarded a contract to IBM                   to Achieve Better Results\n              for digital-to-analog converter box coupon program\n              services. In the next semiannual period we plan to               Since the Patent and Trademark Office Efficiency Act\n              review the contract and develop audit plans to help us           transformed USPTO into a performance-based\n              evaluate the implementation of this program.                     organization over 7 years ago, OIG has devoted sig\xc2\xad\n\n\n                                                                           9\n\x0cDOC OIG SAR 11-07.qxd     11/27/07      1:36 PM      Page 10\n\n\n\n\n              Major Challenges for the Department                                                  September 2007\xe2\x80\x94Semiannual Report to Congress\n\n\n\n              nificant resources to oversight of the agency. We have                    mise of sensitive patent information. Thus, we\n              issued nearly a dozen reports examining USPTO pro\xc2\xad                        have initiated an audit of accountable property at\n              gram, operational, and administrative issues.                             the agency.\n\n                                                                                        The long-standing and growing backlog highlights\n                                                                                        other issues for USPTO and OIG attention: the need\n                                                                                        to expedite a fully electronic patent examination\n                                                                                        process and to carefully monitor the agency\xe2\x80\x99s billion-\n                                                                                        dollar investment in high-risk time and materials and\n                                                                                        award fee contracts for related information technolo\xc2\xad\n                                                                                        gy services. OIG may conduct reviews of selected\n                                                                                        USPTO contracts to ensure vendors are complying\n                                                                                        with contract terms and conditions, containing costs,\n                                                                         USPTO\n              USPTO Director Jon Dudas and Secretary of Commerce Carlos\n                                                                                        and delivering the required services on time.\n              Gutierrez (back row) look on as Dean Harts of 3M, April Sauders-\n              Fuller of Fish & Richardson, and Felicia Metz of the University of        Clearly, recruitment, attrition, and information tech\xc2\xad\n              Maryland (front row) file patent documents electronically at the          nology remain serious challenges for the agency. We\n              March 16, 2006, launch of EFS-Web USPTO\xe2\x80\x99s new electronic\n                                                                                        will continue to monitor USPTO\xe2\x80\x99s progress in those\n              filing system.\n                                                                                        areas as well as its training programs and human\n                                                                                        resources or personnel operations, where we earlier\n              While USPTO plays a critical role in promoting the                        found some questionable practices and the need for\n              nation\xe2\x80\x99s technological progress and protecting intel\xc2\xad                     improved management controls. We also plan to con\xc2\xad\n              lectual property rights, its task is often viewed as                      duct follow-up work on the agency\xe2\x80\x99s new overseas\n              daunting given the increasing number and complexi\xc2\xad                        attach\xc3\xa9 program and some of its other initiatives,\n              ty of patent applications. The agency\xe2\x80\x99s 21st Century                      such as the new patent peer review process.\n              Strategic Plan, issued in 2002 and later revised, out\xc2\xad\n              lined numerous initiatives to help reduce its large\n              backlog of applications, ensure the quality of granted\n              patents, and improve the productivity of its examin\xc2\xad                      Challenge 6\n              er corps. An earlier OIG report on USPTO\xe2\x80\x99s patent\n              examiner production goals, performance appraisal                          Effectively Manage the\n              plans, and awards highlighted actions that the agency\n              could take to stimulate and reward examiner produc\xc2\xad\n                                                                                        Development and Acquisition of\n              tion. A recent GAO report on USPTO\xe2\x80\x99s recruitment                          Environmental Satellites\n              and retention efforts also called on agency managers\n              to reassess examiner production goals, but noted that                     NOAA is in the midst of a major overhaul of its envi\xc2\xad\n              examiners often cited those goals as a primary reason                     ronmental monitoring capabilities, spending several\n              for leaving the agency. GAO also reported that attri\xc2\xad                     billion dollars on contracts for the purchase, con\xc2\xad\n              tion is continuing to offset USPTO\xe2\x80\x99s hiring progress                      struction, and modernization of satellite systems that\n              even with the use of many incentives and flexibilities                    collect data to produce short- and long-range weath\xc2\xad\n              to retain the workforce for longer periods.                               er forecasts and a variety of other critical information.\n                                                                                        Satellite programs are highly complex and risky, and\n              One of those workplace incentives has been                                they historically have been plagued by substantial\n              USPTO\xe2\x80\x99s expansion of its telework program, allow\xc2\xad                         cost increases and schedule delays. They are also\n              ing examiners to use laptops to work at offsite                           extremely important to public safety and defense\n              locations. Lost laptops and data security problems at                     operations, and therefore have been a continuing\n              other Commerce bureaus underscore the need for                            focus of our work.\n              strong policies, procedures, and controls at USPTO\n              to avoid similar problems and the potential compro-\n\n\n\n                                                                                   10\n\x0cDOC OIG SAR 11-07.qxd     11/27/07       1:36 PM        Page 11\n\n\n\n\n              September 2007\xe2\x80\x94Semiannual Report to Congress                                                                         Major Challenges for the Department\n\n\n\n\n              Acquiring Geostationary                                                                for GOES-R that omits key features of accepted satel\xc2\xad\n                                                                                                     lite acquisition management practices. And we\n              Weather Satellites\n                                                                                                     concluded these omissions had negative impacts on\n                                                                                                     the program. We made recommendations to\n              In the next decade, GOES-R will replace the existing\n                                                                                                     Commerce and NOAA to help bring GOES-R over\xc2\xad\n              GOES satellites. The new series will offer an uninter\xc2\xad\n                                                                                                     sight and management practices in line with those\n              rupted flow of high-quality data to support weather\n                                                                                                     used by NASA and the Department of Defense in\n              forecasting, severe storm detection, and climate\n                                                                                                     satellite acquisitions. NOAA agreed with our recom\xc2\xad\n              research vital to public safety. GOES-R is a multicon\xc2\xad\n                                                                                                     mendations specific to its role in the acquisition,\n              tract, multiyear program wholly funded by\n                                                                                                     stating it is working with NASA on changes that will\n              Commerce, though the new satellites will be devel\xc2\xad\n                                                                                                     implement them. We recently received the\n              oped and acquired with help from NASA Goddard\n                                                                                                     Department\xe2\x80\x99s response, which will be considered in\n              Space Flight Center. Planning for the new series has\n                                                                                                     developing our final conclusions and recommenda\xc2\xad\n              been under way for the past 7 years. The\n                                                                                                     tions regarding management of the GOES-R\n              Department\xe2\x80\x99s investment for GOES-R for fiscal years\n                                                                                                     program.\n              2008 to 2012 is projected to be about $2.4 billion.\n\n\n                                                                                                     NPOESS Acquisition Restructured\n                                                                                                     We described the troubled National Polar-orbiting\n                                                                                                     Operational Environmental Satellite System\n                                                                                                     (NPOESS) in our September 2006 Semiannual\n                                                                                                     Report (page 29). This joint project of NOAA,\n                                                                                                     NASA, and the Department of Defense will be a crit\xc2\xad\n                                                                                                     ical element in the nation\xe2\x80\x99s ability to provide\n                                                                                                     continuous weather and environmental data for civil\xc2\xad\n                                                                                                     ian and military needs through the coming 2 decades.\n                                                                                                     In November 2005, Defense reported that NPOESS\n                                              http://goes.gsfc.nasa.gov/text/goesimbroch.html\n                                                                                                     costs had grown by 25 percent over original esti\xc2\xad\n              This solar imager, which is carried on the GOES satellites currently\n              in orbit, observes the sun\xe2\x80\x99s X-ray emissions and allows early\n                                                                                                     mates, largely because of problems developing a key\n              detection of flares and other solar phenomena that may affect the                      sensor, the Visible/Infrared Imager Radiometer Suite\n              Earth and its atmosphere. GOES-R will feature an enhanced solar                        (VIIRS). The 25 percent overrun triggered congres\xc2\xad\n              imaging suite that permits even more varied and precise readings.                      sional recertification under the Nunn-McCurdy\n                                                                                                     provision of the FY 1982 National Defense\n              In acquiring GOES-R jointly with NASA, NOAA                                            Authorization Act. In June 2006, the House Science\n              will have the lead management role for the first time,                                                             Committee accepted a\n              giving the Department direct oversight authority for                                                               triagency proposal to con\xc2\xad\n              both the ground and space segments. In June 2007,                                                                  tinue the program, but\n              NOAA and NASA signed a memorandum of agree\xc2\xad                                                                        with four satellites instead\n              ment defining their separate authorities and                                                                       of six, and with fewer sen\xc2\xad\n              responsibilities for managing, developing, acquiring,                                                              sors. Total acquisition\n              and integrating GOES-R. Because these are new roles                                                                costs were revised by\n              for both the Department and NOAA, we evaluated                                                                     $5 billion.\n              whether they have established effective mechanisms                                                http://eic.ipo.noaa.gov/\n                                                                                                           IPOarchive/ED/graphics_kit/\n                                                                                                                               This past July, the\n              for handling their expanded responsibilities.                                                    NPOESS_teamLogo.jpg\n                                                                                                                               NPOESS Program Office\n              Our draft report, issued to the Department and                                         executed a $4.2 billion modification to the develop\xc2\xad\n              NOAA in September, identifies a life-cycle process                                     ment and production contract after a year-long effort\n\n\n\n                                                                                                11\n\x0cDOC OIG SAR 11-07.qxd   11/27/07     1:36 PM    Page 12\n\n\n\n\n              Major Challenges for the Department                                        September 2007\xe2\x80\x94Semiannual Report to Congress\n\n\n\n              to restructure the satellite program following recerti\xc2\xad        Over the past several years, OIG has conducted several\n              fication. The revamped program calls for more                  reviews of the Department\xe2\x80\x99s efforts to increase U.S. mar\xc2\xad\n              rigorous management controls and oversight, and a              ket opportunities, provide assistance to U.S. exporters,\n              more objective incentive payment plan for the con\xc2\xad             and overcome trade barriers in difficult foreign markets.\n              tractor. It covers development, delivery, and launch of        A number of these reviews have also included evalua\xc2\xad\n              two NPOESS satellites through 2016, and includes               tions of ITA\xe2\x80\x99s process for reporting export success claims\n              delivery of sensors to support the NPOESS                      resulting from its assistance to U.S. businesses. Our\n              Preparatory Project, which is to be launched in 2009           findings have prompted ITA to strengthen its controls\n              for the purpose of demonstrating and validating new            related to export success reporting.\n              instruments, algorithms, and other capabilities. The\n              last phase of development is now proceeding.\n              Program executives have identified VIIRS and the               Interagency Trade Coordination\n              Cross-track Infrared Sounder (CrIS) as the highest\n              risk components.                                               In March 2007, OIG released a report reviewing var\xc2\xad\n                                                                             ious aspects of Commerce\xe2\x80\x99s trade promotion efforts\n              We will continue to monitor cost, schedule, and                and the coordination of those efforts among various\n              technical progress on both GOES-R and NPOESS                   offices within the Department and with other federal\n              and report our findings in future semiannual reports.          and state trade agencies and other trade partners. We\n                                                                             found effective collaboration on trade promotion in\n                                                                             many instances, but we also identified areas where\n                                                                             Commerce and other members of the federal inter-\n              Challenge 7\n              Promote U.S. Exports and\n              Fair Competition in\n              International Trade\n              The Department of Commerce accomplishes its\n              goals of promoting trade, opening overseas markets\n              to American firms, and protecting U.S. industry\n              from unfair trade practices primarily through the\n              work of the International Trade Administration\n              (ITA). ITA also works with USPTO and NIST to\n              advise U.S. companies on intellectual property rights\n              and standards issues.\n\n              During this semiannual period, OIG decided to\n              revise the title of the challenge facing the\n              Department. Although Commerce has a primary role\n              in enforcing U.S. antidumping and countervailing\n              duty laws and countering foreign unfair trade prac\xc2\xad\n              tices, greater emphasis and resources are focused on\n              promoting U.S. exports and ensuring access to world                                                    Commerce Photographic Services\n              markets for U.S. companies. Hence, we have modi\xc2\xad               Commerce Secretary Carlos M. Gutierrez announced the release of\n              fied this challenge to better reflect the Department\xe2\x80\x99s         the 2007 National Export Strategy and highlighted the need for\n              and ITA\xe2\x80\x99s responsibilities for promoting exports and           congressional action on the Peru, Colombia, Panama, and Korea\n              reducing trade barriers.                                       Free Trade agreements at the 25th annual Washington Trade Gala\n                                                                             in July.\n\n\n\n\n                                                                        12\n\x0cDOC OIG SAR 11-07.qxd   11/27/07    1:36 PM    Page 13\n\n\n\n\n              September 2007\xe2\x80\x94Semiannual Report to Congress                                         Major Challenges for the Department\n\n\n\n              agency Trade Promotion Coordinating Committee                   activities. (See September 2006 Semiannual Report,\n              could enhance their cooperation on specific activities,         pages 33-37.)\n              such as trade finance assistance, Internet resources for\n              exporters, and trade assistance at overseas posts that          CS and ITA each have 3 open recommendations out\n              do not have a commercial officer. Many of the recom\xc2\xad            of a total of 20 in our 2006 review of CS operations\n              mendations in that report require long-term efforts             in Argentina and Uruguay. The open recommenda\xc2\xad\n              and/or interagency cooperation for completion, so               tions involve financial management improvements\n              none of them has yet been fully implemented. (See               and effective coordination with the Department of\n              March 2007 Semiannual Report, pages 37-40.)                     State\xe2\x80\x99s partnership posts. (See September 2006\n                                                                              Semiannual Report, pages 25-27.)\n              During the course of working on the trade coordina\xc2\xad\n              tion report, OIGs at several agencies raised issues             Finally, only 3 recommendations remain open of the\n              about the process Commerce uses to prepare the                  35 originally made in our review of CS China,\n              National Export Strategy and the involvement of other           although we recently received information indicating\n              federal agencies in that effort. We reviewed the 2002           additional action may be required on one of the\n              to 2006 National Export Strategy reports and found              closed recommendations. The open recommenda\xc2\xad\n              that the annual report often outlines useful strategies         tions deal with the American Trading Center\n              and initiatives\xe2\x80\x94such as the promotion of public-pri\xc2\xad            initiative and an evaluation of language proficiency\n              vate partnerships. The strategy does not, however,              requirements for CS officers assigned to China. (See\n              establish consistent goals for promoting exports, align         March 2006 Semiannual Report, pages 23-26.)\n              agency-specific strategic objectives with government-\n              wide export promotion strategic goals, or measure               During the next semiannual period, we will continue\n              progress toward meeting those goals. Nor is it a coor\xc2\xad          to monitor Commerce\xe2\x80\x99s response to recommenda\xc2\xad\n              dinated government-wide strategy, as envisioned by              tions made in our recent reports on CS operations at\n              the Export Enhancement Act of 1992. The 2007                    Asian and South American posts and on trade coor\xc2\xad\n              National Export Strategy report, released in June, con\xc2\xad         dination. Future OIG reviews may focus on the\n              tained several improvements that are responsive to              Department\xe2\x80\x99s efforts to oversee U.S. foreign trade\n              our recommendations, but further action is warrant\xc2\xad             zones or to increase exports to countries that have\n              ed. (See page 33.)                                              recently signed free trade agreements with the United\n                                                                              States. We will also continue our periodic inspections\n                                                                              of CS\xe2\x80\x99 overseas posts, as mandated by the 1988\n                                                                              Omnibus Trade and Competitiveness Act.\n              U.S. Trade Promotion in Latin America\n              and China\n              During this semiannual period, we followed up on                Challenge 8\n              recommendations made in our reports on\n              Commercial Service (CS) operations in Brazil,                   Effectively Manage NOAA\xe2\x80\x99s\n              Argentina, Uruguay, and China. ITA and CS have\n              made progress on many of the recommendations in\n                                                                              Stewardship of Ocean and Living\n              our CS Brazil review, and we have closed 18 of our              Marine Resources\n              43 recommendations. Those that remain open\n              include recommendations for improving coordina\xc2\xad                 NOAA spends billions of dollars each year support\xc2\xad\n              tion with other embassy sections, clarifying export             ing a vast array of programs designed to protect and\n              success reporting, and developing a strong marketing            enhance the resources in 3.5 million square miles of\n              plan and financial management practices. In addi\xc2\xad               coastal and deep ocean waters and the Great Lakes.\n              tion, we have closed the 2 recommendations made to              These programs require long-term commitments and\n              USPTO but have kept open a recommendation to                    years of funding to show their full effect. And they\n              NIST regarding coordination with CS on regional                 must operate in balance with the economic interests\n\n\n                                                                         13\n\x0cDOC OIG SAR 11-07.qxd     11/27/07       1:36 PM        Page 14\n\n\n\n\n              Major Challenges for the Department                                                            September 2007\xe2\x80\x94Semiannual Report to Congress\n\n\n\n              of the nation: one of every six jobs is marine related                              waters offer safe breeding grounds for threatened\n              and more than one-third of the gross national prod\xc2\xad                                 species and harbor underwater archeological sites.\n              uct is generated by economic activity tied to                                       The program\xe2\x80\x99s primary mission is resource protec\xc2\xad\n              coastal areas.                                                                      tion, but it must also facilitate compatible public and\n                                                                                                  commercial uses along with conservation and\n              NOAA offers several financial assistance programs to                                research activities. The sanctuary program coordi\xc2\xad\n              support the commercial fishing industry\xe2\x80\x99s viability                                 nates its efforts with the U.S. Coast Guard,\n              while working to reduce overfishing and rebuild                                     Environmental Protection Agency, Department of\n              compromised fisheries. The Fisheries Finance Loan                                   the Interior, and a broad range of other federal, state,\n              Program is one such initiative. Operated by the                                     local, and private partners. We are evaluating whether\n              National Marine Fisheries Service, the program pro\xc2\xad                                 the program is meeting its core objectives, with a pri\xc2\xad\n              vides direct loans to refinance or refurbish fishing                                mary focus on marine conservation and research.\n              vessels, shoreside processing facilities, and aquacul\xc2\xad\n              ture facilities. Program regulations and congressional                              The National Data Buoy Center manages four marine\n              appropriation language restrict the program from                                    observation systems: weather buoys, coastal marine\n              making loans for vessel construction or refurbishing                                observing stations, tsunami detection buoys, and cli\xc2\xad\n              loans that increase a vessel\xe2\x80\x99s fishing capacity. Since                              mate monitoring buoys. Weather forecasting depends\n              1998, NMFS has made approximately 200 loans, for                                    on the reliability and accuracy of these systems. In\n              a total of nearly $300 million. We are currently eval\xc2\xad                              addition, the Tropical Atmosphere and Ocean buoys\n              uating the agency\xe2\x80\x99s management of the loan program                                  and weather buoys with oceanographic sensors pro\xc2\xad\n              to determine if it affects NOAA\xe2\x80\x99s ability to help end                               vide climate data and information for researchers. We\n              overfishing and rebuild fisheries. Also under way are                               are assessing the quality and availability of data gen\xc2\xad\n              reviews of NOAA\xe2\x80\x99s National Marine Sanctuary                                         erated by the observational buoys and coastal stations\n              Program and the National Data Buoy Center\xe2\x80\x99s ocean                                   and the center\xe2\x80\x99s management of them. We anticipate\n              observation system.                                                                 that the sanctuary and data buoy reviews will be com\xc2\xad\n                                                                                                  pleted in December or early 2008.\n\n                                                                                                  In planning for future OIG work on this challenge,\n                                                                                                  we are considering reviews of NOAA\xe2\x80\x99s offshore aqua\xc2\xad\n                                                                                                  culture program, its coral reef program and coastal\n                                                                                                  zone management, among other issues vital to the\n                                                                                                  stewardship of ocean and living marine resources.\n\n\n\n                                                                                                  Challenge 9\n                                         Greg McFall/Grey\xe2\x80\x99s Reef National Marine Sanctuary\n                                                                                                  Aggressively Monitor Emergency\n              Coral reefs are some of the most biologically rich and economically\n              valuable ecosystems on Earth. They are found in five National                       Preparedness, Safety, and\n              Marine Sanctuaries, such as Grey\xe2\x80\x99s Reef (pictured above), off the\n              coast of Georgia.                                                                   Security Responsibilities\n              The sanctuary program manages and protects                                          The Department of Commerce has more than\n              13 sanctuaries and a marine national monument in                                    35,000 employees and hundreds of facilities it\n              northwestern Hawaii, which is the largest protected                                 must keep safe. As a cabinet-level Department, it also\n              marine area in the world. The entire sanctuary system                               has a number of programs critical to national pre\xc2\xad\n              encompasses 158,000 square miles of U.S. ocean and                                  paredness and recovery efforts, and it must support\n              Great Lakes marine habitat that have conservation,                                  U.S. efforts to prepare for, respond to, and recover\n              historical, or scientific importance\xe2\x80\x94their protected                                from major disasters.\n\n\n                                                                                             14\n\x0cDOC OIG SAR 11-07.qxd     11/27/07      1:45 PM      Page 15\n\n\n\n\n              September 2007\xe2\x80\x94Semiannual Report to Congress                                                        Major Challenges for the Department\n\n\n\n                                                                                            threats, and the broad range of public safety respon\xc2\xad\n                                                                                            sibilities inherent in its mission.\n\n                                                                                            Our in-progress review of NOAA\xe2\x80\x99s ocean monitoring\n                                                                                            system, mentioned previously, is an example of our\n                                                                                            broader focus. Data buoys\xe2\x80\x94the primary components\n                                                                                            of the system\xe2\x80\x94record a variety of critical marine\n                                                                                            readings, such as wind and wave measurements and\n                                                                                            air and sea temperatures, giving forecasters an addi\xc2\xad\n                                                                                            tional tool for predicting and tracking hurricanes and\n                                                                                            other potential weather emergencies. For the coming\n                                                                                            year, we are also considering reviews of the\n                                                                                            Department\xe2\x80\x99s new identity/badging system, person\xc2\xad\n                                                                                            nel security, and information document security.\n\n\n\n                                                                                            Challenge 10\n                                                                                            Enhance Export Controls for\n                                                                                            Dual-Use Commodities\n                                                           Homeland Security Council\n              The National Continuity Implementation Plan provides                          Commerce\xe2\x80\x99s Bureau of Industry and Security (BIS) is\n              comprehensive guidance for maintaining essential operations                   responsible for the federal government\xe2\x80\x99s export\n              during emergencies.                                                           licensing and enforcement system for goods and tech\xc2\xad\n                                                                                            nologies with both civilian and military uses. Because\n              We continue to monitor Commerce\xe2\x80\x99s progress in                                 of the importance of export controls to national secu\xc2\xad\n              resolving weaknesses in emergency preparedness and                            rity, OIG has consistently devoted a great deal of time\n              security. As of August 2007, the Department had                               and resources to challenges facing BIS.\n              addressed virtually all outstanding recommendations\n              from our 2002 and 2005 reviews of its preparedness                            For the past 8 years, OIG has been working to fulfill\n              programs. But a dynamic security environment con\xc2\xad                             the requirements of the National Defense\n              tinues to challenge the nation: Commerce, like all                            Authorization Act (NDAA) for FY 2000, as amend\xc2\xad\n              federal agencies, must be vigilant in maintaining effec\xc2\xad                      ed, which directed the inspectors general of\n              tive oversight of emergency plans and programs,                               Commerce, Defense, Energy, and State, in consulta\xc2\xad\n              identifying and mitigating new security vulnerabili\xc2\xad                          tion with the directors of Central Intelligence and the\n              ties, and protecting critical assets. It must be able to                      Federal Bureau of Investigation, to report to\n              continue essential operations under all circumstances.                        Congress each year through 2007 on the adequacy of\n                                                                                            current export controls and whether they are effec\xc2\xad\n              In May 2007, President George W. Bush issued                                  tively preventing entities of concern from acquiring\n              National Security Presidential Directive 51 (also                             sensitive U.S. technologies. The Department of\n              known as Homeland Security Presidential Directive                             Homeland Security\xe2\x80\x99s OIG has also participated in\n              20) that updates long-standing continuity directives                          these reviews since that agency was formed. The group\n              to ensure that governing entities are able to recover                         of OIGs is currently completing the eighth and final\n              from operational disruptions, thus maintaining con\xc2\xad                           NDAA interagency review of export controls.\n              tinuity of operations. We will keep a close watch on\n              the Department\xe2\x80\x99s efforts to comply with this direc\xc2\xad                           During this semiannual period, we continued to\n              tive, as well as on its ongoing oversight of                                  monitor BIS\xe2\x80\x99 progress in implementing NDAA rec\xc2\xad\n              preparedness procedures, its response to emerging                             ommendations detailed in our March 2004\n\n\n                                                                                       15\n\x0cDOC OIG SAR 11-07.qxd   11/27/07     1:36 PM    Page 16\n\n\n\n\n              Major Challenges for the Department                                       September 2007\xe2\x80\x94Semiannual Report to Congress\n\n\n\n                                             Semiannual Report (pages         We also followed up on our reviews of U.S. export\n                                             14-17). For example,             controls for India and China. (See March 2007\n                                             we have closely followed         Semiannual Report, page 19, and March 2006\n                                             the activities and delib\xc2\xad        Semiannual Report, page 13.) In June 2007, BIS\n                                             erations of the Deemed           implemented a final rule that clarifies U.S. policy on\n                                             Export Advisory Com\xc2\xad             the export to China of items controlled for national\n                                             mittee, which is review\xc2\xad         security reasons and implements new controls on\n                                             ing BIS\xe2\x80\x99 deemed export           exports of certain otherwise uncontrolled items when\n                                             control policy and rele\xc2\xad         the exporter knows they are destined for a military\n                                             vant recommendations             end use in China.\n                                             made by this office.\n                                       BIS\n                                             Deemed export controls           Finally, although questions remain about the overall\n                                             are designed to prevent          effectiveness of the Committee on Foreign\n              the transfer within the United States of controlled             Investment in the United States (CFIUS) process, in\n              U.S. technologies and technical information to for\xc2\xad             this year\xe2\x80\x99s NDAA follow-up report we noted that\n              eign nationals from countries or entities of concern.           both BIS and ITA are working toward implementing\n              We look forward to the committee\xe2\x80\x99s report by the end            our recommendations related to CFIUS activities\n              of this calendar year and hope its findings and recom\xc2\xad          within Commerce. (See March 2007 Semiannual\n              mendations will enable BIS to increase deemed                   Report, pages 23-25.) We believe these improvements\n              export compliance rates, assist enforcement efforts,            will allow greater coordination and transparency in\n              and ensure that the regulations have the intended               Commerce\xe2\x80\x99s decision-making process. However, we\n              effect of protecting national security interests without        continue to question whether CFIUS\xe2\x80\x99 voluntary for\xc2\xad\n              unnecessarily burdening exporters and the scientific            eign investment reporting process allows the\n              community (see March 2004 Semiannual Report,                    Committee to receive timely information about all\n              pages 14-17).                                                   acquisitions and mergers that pose potential security\n                                                                              concerns, especially those involving small or\n                                                                              medium-sized U.S. companies that manufacture or\n                                                                              conduct research on sensitive U.S. technologies.\n\n\n\n\n                                                                         16\n\x0cDOC OIG SAR 11-07.qxd   11/27/07    1:36 PM    Page 17\n\n\n\n\n                         ECONOMIC DEVELOPMENT\n\n                            ADMINISTRATION\n\n\n              T     he Economic Development Administration was established by the Public Works and Economic\n                    Development Act (PWEDA) of 1965 to generate new jobs, help retain existing jobs, and stimulate pri\xc2\xad\n              vate investment in economically distressed regions of the United States. EDA continues to fulfill this mission\n              under the authority of PWEDA, as amended by the Economic Development Reauthorization Act of 2004.\n              Based on local and regional comprehensive economic development strategies, EDA works in partnership with\n              state and local governments, regional economic development districts, public and private nonprofit organiza\xc2\xad\n              tions, and Indian tribes to help distressed communities address problems associated with long-term economic\n              deterioration and sudden and severe economic dislocations, including recovery from the economic impact of\n              natural disasters, the closure of military installations and other federal facilities, changes in trade patterns, and\n              the depletion of natural resources. EDA provides eligible recipients with technical assistance, as well as grants\n              for public works, planning, training and research, and economic adjustment assistance.\n\n\n\n\n              Nevada County Fails to                                        Our audit, which covered the full grant\n                                                                            term\xe2\x80\x94September 30, 1999, through August 15,\n              Complete $6.7 Million Public                                  2004\xe2\x80\x94sought to determine whether the county had\n              Works Project                                                 achieved award objectives, claimed allowable costs,\n                                                                            maintained adequate administrative and program\n              We conducted an audit of a public works grant                 controls, and complied with grant terms and condi\xc2\xad\n              awarded to a county to offset the economic impacts            tions. The county claimed total project costs of\n              of defense downsizing at the Nevada Test Site. Total          $6,746,652, which exceeded the approved\n              estimated costs for the project\xe2\x80\x94which targeted high-          award budget.\n              tech development in the state's south central\n              region\xe2\x80\x94were $6.7 million, consisting of a $3 million          Our review disclosed that the county failed to execute\n              federal share, with the county's match making up              numerous responsibilities it had committed to when\n              the balance.                                                  it applied for the award. It could not finance the local\n                                                                            share, implement the project components as intend\xc2\xad\n              The grant was to fund three activities: planning and          ed, or properly oversee the project to ensure it was\n              project management, creation of a technology center           administered according to federal cost principles,\n              to provide distance education to rural communities            uniform administrative requirements, and award\n              along the targeted development corridor, and con\xc2\xad             terms and conditions. In addition, the county did not\n              struction of a science and technology park for private        provide and maintain the necessary engineering\n              high-tech firms.                                              supervision to ensure that the work on the science\n\n\n\n\n                                                                       17\n\x0cDOC OIG SAR 11-07.qxd     11/27/07       1:36 PM      Page 18\n\n\n\n\n              Economic Development Administration                                                      September 2007\xe2\x80\x94Semiannual Report to Congress\n\n\n\n              and technology park conformed to approved plans                             EDA Should Consider\n              and specifications and resulted in a functional devel\xc2\xad\n              opment. More than a year after construction was                             Terminating Grant to California\n              completed and the grant had expired, the park                               City and Water District\n              remained without water and other infrastructure and\n              had no prospects for use.                                                   In February 2005, EDA awarded a California city\n                                                                                          and water district a $7.9 million grant consisting of a\n                                                                                          48 percent federal share of $3,800,000 and a 52 per\xc2\xad\n                                                                                          cent local match of $4,137,000 to increase water and\n                                                                                          sewer capacity and service to both the city and the\n                                                                                          adjoining service area. In August 2005, EDA sus\xc2\xad\n                                                                                          pended the award because the recipients had not\n                                                                                          executed a joint agreement to administer the grant.\n                                                                                          The water district subsequently asked to withdraw\n                                                                                          from the grant but agreed to continue to provide\n                                                                              OIG         $2 million toward the local share. EDA has yet to\n              The grantee completed the proposed technology center knowing that           decide on the water district's request to withdraw.\n              the county did not have the infrastructure needed to link the center        The award remains suspended, and no federal funds\n              with outlying communities and establish a long-distance learning            have been disbursed by EDA.\n              network. The building remains unusable for its intended purpose.\n\n                                                                                          We conducted an audit to assess the city\xe2\x80\x99s ability to\n              We questioned the entire $6,746,652 in claimed                              effectively manage the grant project. As the grant\n              costs and recommended that the EDA regional direc\xc2\xad                          recipient, the city is responsible for responding to our\n              tor (1) conduct a technical assessment of the county's                      requests for records and making staff available for\n              performance and determine the value of work not                             interviews and inquiries. Despite this fact, we\n              completed or not operational; (2) disallow all claimed                      encountered numerous difficulties obtaining access\n              costs pending the results of the assessment and recov\xc2\xad                      to the documentation and key personnel we needed.\n              er the federal share of $3 million; (3) require the                         Among other things, the city refused to\n              county to report on its efforts to provide water to the\n              park and establish a time line and budget for com\xc2\xad                              \xe2\x96\xa0\t   schedule an entrance conference until shown\n              pleting the park as originally conceived or otherwise                                the audit access clause contained in the\n              integrating it into alternative economic development                                 city\xe2\x80\x99s award;\n              plans; and (4) accurately identify the amount of\n              equipment acquired under the award and the govern\xc2\xad                              \xe2\x96\xa0\t   provide requested documentation relating to\n              ment's interest in that equipment. We also                                           its procurement of consulting and\n              recommended that EDA declare the county a high-                                      architectural engineering services, claiming\n              risk recipient should it ever be considered for future                               that California record retention laws do not\n              federal awards.                                                                      require such documentation to be maintained\n                                                                                                   in perpetuity, despite the fact that grant terms\n              County officials concurred with some of our findings                                 clearly required them to have retained the\n              and disagreed with others, but offered no compelling                                 relevant documents at the time of our\n              evidence to cause us to modify our conclusions and                                   request; and\n              recommendations. (Seattle Regional Office of Audits:\n              STL-17802)                                                                      \xe2\x96\xa0    schedule interviews with two key personnel.\n\n                                                                                          We were ultimately able to arrange a meeting with\n                                                                                          one after obtaining contact information from\n                                                                                          outside sources. We were never able to schedule the\n                                                                                          second interview.\n\n\n                                                                                     18\n\x0cDOC OIG SAR 11-07.qxd   11/27/07   1:36 PM    Page 19\n\n\n\n\n              September 2007\xe2\x80\x94Semiannual Report to Congress                                       Economic Development Administration\n\n\n\n              After 2 weeks of thwarted attempts to obtain the               administers the grant has rebuilt the fund over the\n              information and documentation necessary to con\xc2\xad                past 17 years.\n              duct the audit, we concluded that we were at an\n              impasse. The city's denial of access constituted a             At the request of the EDA Chicago Regional Office,\n              material breach of the EDA grant. We recommended               we conducted an audit of this award. We found that\n              EDA consider terminating the award for cause,                  the grant administrator inappropriately combined\n              deobligating the federal share, and putting $3.8 mil\xc2\xad          the accounting records for the RLF with its account\xc2\xad\n              lion to better use. (Seattle Regional Office of Audits:        ing for two subsequent state grants into a single\n              STL-18499)                                                     account. As a result, the EDA RLF funds were indis\xc2\xad\n                                                                             tinguishable from the state grant funds and therefore\n                                                                             unauditable. During our fieldwork in November\n                                                                             2006, we notified the grant administrator that the\n              More than $2 Million in RLF                                    RLF fund and corresponding matching share needed\n                                                                             to be separated from its other grant funds.\n              Grant Funds Questioned\n                                                                             After our fieldwork was complete, the grant adminis\xc2\xad\n              In September 1985, EDA awarded an $800,000 sud\xc2\xad                trator separated the RLF fund and its corresponding\n              den and severe economic dislocation adjustment                 match from other grant funds and claimed the fund\n              implementation grant to a Wisconsin county. The                totaled $2,051,404 as of September 30, 2006.\n              grant required a $623,870 match, bringing the initial          However, the administrator did not provide docu\xc2\xad\n              project value to $1,423,870. EDA later deobligated             mentation supporting its claim. We questioned the\n                                       $2,812 of grant funds,                entire amount claimed because the allowability and\n                                           leaving total capitaliza\xc2\xad         accuracy of each line item was not documented.\n                                            tion of $1,421,058.\n                                                                             We recommended the EDA Chicago regional direc\xc2\xad\n                                            The grant was origi\xc2\xad             tor require the grant administrator to provide\n                                            nally to be combined             supporting documentation for its claimed RLF bal\xc2\xad\n                                            with private financing           ance. If the administrator cannot adequately support\n                                           to make a loan to a               the claimed RLF balance, EDA may terminate the\n                                          local hardwood die                 grant and recover $797,188 of federal funds awarded\n                                      company. Repayments of                 (the $800,000 EDA award less the $2,812 deobliga\xc2\xad\n              the loan were to be used to create a revolving loan            tion). The grant administrator has filed an appeal,\n              fund (RLF). The initial loan defaulted in 1990, but            which is currently under consideration. (Denver\n              the local economic development corporation that                Regional Office of Audits: DEN-18388)\n\n\n\n\n                                                                        19\n\x0cDOC OIG SAR 11-07.qxd   11/27/07   1:36 PM   Page 20\n\n\n\n\n                                                                                             Photo Courtesy U.S. Census Bureau\n                                                  A Census Bureau enumerator shows an official badge before beginning a survey.\n\x0cDOC OIG SAR 11-07.qxd   11/27/07   1:36 PM    Page 21\n\n\n\n\n                        ECONOMICS AND STATISTICS\n\n                            ADMINISTRATION\n\n\n              T   he Economics and Statistics Administration analyzes economic developments, formulates policy\n                  options, and produces a major share of U.S. government economic and demographic statistics. The chief\n              economist monitors and analyzes economic developments and directs studies that have a bearing on the\n              formulation of economic policy. ESA has two principal agencies:\n\n                  U.S. Census Bureau is the country\xe2\x80\x99s preeminent statistical collection and dissemination agency. It\n                  publishes a wide variety of statistical data about the nations\xe2\x80\x99 people and economy, conducting\n                  approximately 200 annual surveys, in addition to the decennial census of the U.S. population and the\n                  quinquennial census of industry.\n\n                  Bureau of Economic Analysis prepares, develops, and interprets the national income and product accounts\n                  (summarized by the gross domestic product), as well as aggregate measures of international, regional, and\n                  state economic activity.\n\n\n\n\n              Census Bureau Needs to                                         and lost laptops, the Department issued a press\n                                                                             release stating that 1,138 laptops had been lost\n              Strengthen Personal Property                                   Department-wide. Of that number, 672 belonged to\n              Controls and Laptop Security                                   Census. Commerce subsequently received a second\n                                                                             congressional request relating to information on\n              In May 2006, the Department of Veterans Affairs                missing laptop computers, thumb drives, handheld\n              announced that computer equipment containing the               devices, and computer data disks dating back to\n              personal information of approximately 26.5 million             January 2001. In response to the large number of lap-\n              veterans and active duty members of the military had           tops lost by Census, the Secretary of Commerce\n              been stolen from the home of an employee. The ram\xc2\xad             asked the Office of Inspector General to determine\n              ifications of this theft, including the high cost of           the extent of problems in protecting sensitive person\xc2\xad\n              protecting the identities of the individuals whose data        al information at the Census Bureau and to assess the\n              had been stolen, emphasized the importance of                  bureau\xe2\x80\x99s property management policies and practices.\n              ensuring that controls are in place to prevent future\n              data breaches at federal agencies.                             Our Office of Audits reviewed the Census Bureau\xe2\x80\x99s\n                                                                             policies and procedures and assessed internal controls\n              In September 2006, following both a congressional              over accountable personal property. Its emphasis was\n              and a Freedom of Information Act request regarding             on the missing/lost/stolen laptops reported to\n              the compromise of sensitive personal information               Congress for the period 2001 to 2006. In a separate\n\n\n\n                                                                        21\n\x0cDOC OIG SAR 11-07.qxd       11/27/07      1:36 PM   Page 22\n\n\n\n\n              Economics and Statistics Administration                                        September 2007\xe2\x80\x94Semiannual Report to Congress\n\n\n\n              report, our Office of Systems Evaluation reviewed the           ed a full system shutdown. The laptop\xe2\x80\x99s hard drive\n              IT security controls protecting sensitive information           was not encrypted in standby or hibernation modes,4\n              on laptop computers during the time frame of the                if a laptop was manually turned off without executing\n              reported losses.                                                the system shutdown command, or if it lost power.\n                                                                              Even after a full system shutdown, Social Security\n              We identified the weaknesses that existed during the            numbers, names, addresses, phone numbers, and\n              time the laptops went missing and the corrective                medical and financial information remained unen\xc2\xad\n              actions that had been taken or were planned to pre\xc2\xad             crypted in some specific types of files on Census field\n              vent future losses, and determined which weaknesses             representatives\xe2\x80\x99 laptops. Given how the laptops are\n              still remained. We examined internal controls such as           used in the field, it is likely that some were in an\n              physical control over vulnerable assets, segregation of         unencrypted state when lost or stolen, leaving Title\n              duties, and execution, recording, and documentation             13 information readily accessible. However, Census\n              of transactions and events.                                     reported that as of June 2007 it had completed its\n                                                                              implementation of full disk encryption on all field\n              We also examined six laptops used by Census field               representative laptops currently in use, which\n              representatives to collect and store survey informa\xc2\xad            resolved the encryption problems we had identified.\n              tion. Census\xe2\x80\x99s technology management office\n              obtained the laptops for us from regional Census                Unnecessary User Privileges Introduced\n              offices. The encryption software on these laptops was           Significant Risks\n              the product used prior to the recent installation of a\n              full disk encryption product.                                   Our laptop evaluation found that field representa\xc2\xad\n                                                                              tives had more privileges than necessary to perform\n                                                                              their duties, including privileges to create and man\xc2\xad\n              Lax IT Security Leaves Sensitive                                age local user accounts and groups, install\n                                                                              applications, and stop and start system services. Such\n              Census Information at Risk of                                   privileges introduce significant risk of information\n              Compromise                                                      compromise because they can be used to reduce the\n                                                                              security controls on the laptops and increase exposure\n              To foster public participation in the bureau\xe2\x80\x99s data col\xc2\xad        to threats.\n              lection activities, Title 133 requires Census to\n              maintain the confidentiality of information it                  Other Weaknesses Increased Risk\n              receives. Yet each of the six laptops we examined\n              using tools readily available on the Internet had seri\xc2\xad         At the time of our fieldwork, violations included\n              ous IT security weaknesses that left Title 13                   sharing of a single Windows operating system\n              information at risk of compromise. This data includ\xc2\xad            account username and password\xe2\x80\x94both published in\n              ed personally identifiable information such as Social           Census\xe2\x80\x99s laptop user guide\xe2\x80\x94on approximately\n              Security numbers, addresses and phone numbers,                  11,000 field laptops, laptops not configured to create\n              financial data, and medical information. We also                security event audit logs, and laptops lacking current\n              found a lack of enforcement of Department and                   antivirus software. These violations greatly increase\n              bureau IT security policy.                                      the possibility that an attacker\xe2\x80\x94either external or\n                                                                              internal\xe2\x80\x94could gain unauthorized access; make it\n              Information on Census field representatives\xe2\x80\x99 laptops            impossible to reconstruct security incidents in the\n              was only encrypted when the computer user execut\xc2\xad               event of a breach (including determining if Title 13\n\n\n              3\n                  13 U.S.C. \xc2\xa7 1 et seq.                                       4\t\n                                                                                   Hibernation mode allows computer users to save the contents\n                                                                                   of their computer\xe2\x80\x99s memory to disk before shutting down.\n                                                                                   Standby mode conserves laptop battery power by turning off\n                                                                                   unnecessary devices until the laptop is needed again. Users\n                                                                                   must reauthenticate to restore the laptop from these modes.\n\n\n\n                                                                         22\n\x0cDOC OIG SAR 11-07.qxd   11/27/07     1:36 PM    Page 23\n\n\n\n\n              September 2007\xe2\x80\x94Semiannual Report to Congress                                          Economics and Statistics Administration\n\n\n\n              data had been accessed); and increase the risk of a lap\xc2\xad           ers be provided the necessary senior management and\n              top being infected by computer viruses, which can                  technical support and IT security resources to fulfill\n              compromise Title 13 information, destroy vital files,              their IT security responsibilities, including support\n              and infect other devices connected to the laptop.                  for assessing and making appropriate trade-offs\n                                                                                 between operational needs and IT security consider\xc2\xad\n                                                                                 ations. Further, we recommended that all\n              Lax IT Security Support Allowed Problems\n                                                                                 information system security officer positions be filled\n              to Persist                                                         by personnel who have appropriate IT security skills,\n                                                                                 have IT security as their primary duty, and receive\n              Before the laptop losses became public, no in-depth                close oversight from the senior IT security officer.\n              analysis of the security controls had been performed,              We also made recommendations for correcting\n              even when the bureau\xe2\x80\x99s system was certified and                    the specific IT security violations we identified in\n              accredited in 2004. As we reported in 2004, the                    our evaluation.\n              bureau\xe2\x80\x99s C&A process failed to provide accurate and\n              complete information on remaining vulnerabilities to               In its response to our report, Census identified the\n              authorizing officials, but system operations were                  internal initiatives being implemented to improve the\n              approved nonetheless. Despite the inadequacies in the              bureau\xe2\x80\x99s IT security program. The bureau agreed with\n              assessment of controls on the laptops, significant secu\xc2\xad           our recommendation to examine recovered laptops\n              rity vulnerabilities were known by the bureau\xe2\x80\x99s senior             for unencrypted personally identifiable information\n              IT security officer but remained uncorrected. In addi\xc2\xad             and notify the Identity Theft Task Force if found.\n              tion, although an information system security officer              The bureau did not say whether it concurred with\n              is assigned to each Census system and is charged with              our other recommendations, although it did provide\n              implementing appropriate security controls, the secu\xc2\xad              some general discussion of actions that were partially\n              rity officer for the laptops\xe2\x80\x94like nearly all other                 responsive to them. The difficulty of meeting ever-\n              system security officers at Census\xe2\x80\x94is not an IT secu\xc2\xad              increasing IT security requirements without\n              rity specialist, and system security officer is a part-time        additional funding was a major theme of the\n              duty. Since the time the laptop losses were publicized,            response. (Office of Systems Evaluation: IG-18387-2)\n              senior Census management has taken significant steps\n              to improve protection of Title 13 information\n              throughout the bureau, and the laptop system owner\n              has taken quick action to correct many of the weak\xc2\xad\n                                                                                 Census Has Improved Accountability\n              nesses we identified in our review. Also, our FY 2006              for Laptops and Other Personal\n              and FY 2007 independent FISMA evaluations found                    Property, but Additional Improvements\n              Census has made significant improvements to its                    Are Needed\n              C&A process. The improved process is being used for\n              C&A of the field representative laptops.\n                                                                                 From January 2001 until September 2006, personal\n                                                                                 property management at Census suffered from a\n              IT Security Function Should Be Strengthened                        number of weaknesses, including insufficient atten\xc2\xad\n                                                                                 tion to property management, inactive property\n              We recommended the Census Bureau examine recov\xc2\xad                    boards of review, and inadequate procedures for\n              ered laptops to identify unencrypted personally                    recovery of laptops. During our review, we were told\n              identifiable information and notify Commerce\xe2\x80\x99s                     by various Census officials that prior to 2006 the\n              Identity Theft Task Force of each instance where it is             recovery of lost/stolen laptops and other accountable\n              found. We also recommended the bureau evaluate                     property had not been a priority.\n              whether its CIO office has adequate resources and\n              technical expertise to ensure compliance with IT                   By the time we began our review, Census had taken\n              security requirements and to assist system owners and              or planned a number of actions to address the exist\xc2\xad\n              authorizing officials in carrying out their IT security            ing weaknesses in personal property management. In\n              responsibilities. We recommended that system own-                  an October 3, 2006, memorandum, the Deputy\n\n\n                                                                            23\n\x0cDOC OIG SAR 11-07.qxd    11/27/07    1:36 PM     Page 24\n\n\n\n\n              Economics and Statistics Administration                                     September 2007\xe2\x80\x94Semiannual Report to Congress\n\n\n\n              Secretary assigned the offices of the Chief Information        excess equipment is contained in a number of differ\xc2\xad\n              Officer and the Chief Financial Officer and Assistant          ent memorandums issued over many years. We\n              Secretary for Administration responsibility for coordi\xc2\xad        recommended that the internal policies and proce\xc2\xad\n              nating a Department-wide corrective action plan to             dures for handling accountable property be\n              address lax management of personal property and pro\xc2\xad           consolidated into a single cohesive guiding document\n              tect sensitive information. Census had been                    that is routinely updated and readily accessible.\n              implementing the Department-wide corrective action\n              plan and had also initiated corrective actions of its\n              own. Increased management efforts resulted in the\n              recovery of about 120 laptops at headquarters and the\n              regional offices since September 2006.\n\n              But despite the actions already taken, we found\n              Census needs to further strengthen internal controls\n              over its accountable property, and we recommended\n              a number of additional actions to improve its man\xc2\xad\n              agement of personal property.\n\n              Transactions Should Be Recorded Promptly\n                                                                                                                                U.S. Census Bureau\n              Our review found the property management system\n                                                                             Above, a storage room full of equipment no longer in use that has\n              was not always current because transactions involving          been identified as excess and is waiting to be removed from the\n              property were often not recorded in the Automated              premises at a regional office.\n              Property Management System (APMS) promptly. We\n              recommended that all such transactions be promptly\n                                                                             Property Boards of Review Need to\n              recorded; all accountable property on hand at the\n              time of an inventory be recorded in APMS; the back\xc2\xad            Be Convened to Prevent Buildup of\n              log of Personal Property Control forms (CD-50s) be             Case Backlog\n              eliminated; and equipment no longer in use be prop\xc2\xad\n              erly and promptly excessed.                                    During our audit, Census reinstated property boards\n                                                                             of review to eliminate its backlog of approximately\n              Execution of Inventory Procedures                              400 missing, lost, or stolen laptops and 400 other\n              Needs Improvement                                              missing items. Census told us new cases resulting\n                                                                             from its April/May 2007 inventory were being\n                                                                             reviewed. We recommended property boards of\n              We found that regional offices did not always have a\n                                                                             review be convened as necessary to ensure that no\n              member of the inventory team responsible for\n                                                                             future backlog of cases accumulates.\n              ensuring that all items are scanned and marked dur\xc2\xad\n              ing their inventories. Headquarters also encountered\n              difficulties performing inventories. We recommend\xc2\xad             Property Management Officer\xe2\x80\x99s\n              ed Census issue appropriate guidance on conducting             Responsibilities Should Be Evaluated\n              inventories, emphasizing the need for segregation\n              of duties.                                                     Although the large volume and value of its geograph\xc2\xad\n                                                                             ically dispersed property poses a significant\n              Property Management Policies and Inventory                     control challenge for Census, the bureau does not\n              Procedures Need to Be Consolidated                             have a full-time property management officer. We\n                                                                             recommended the bureau assess whether to create a\n                                                                             full-time position solely dedicated to property\n              We found that Census\xe2\x80\x99s guidance on conducting\n                                                                             management.\n              inventories, recovering laptops, and disposing of\n\n\n\n                                                                        24\n\x0cDOC OIG SAR 11-07.qxd   11/27/07   1:36 PM    Page 25\n\n\n\n\n              September 2007\xe2\x80\x94Semiannual Report to Congress                                     Economics and Statistics Administration\n\n\n\n              Census agreed with our property management rec\xc2\xad               because\xe2\x80\x94in addition to having unmarked streets and\n              ommendations and stated that it had already taken or          houses\xe2\x80\x94they often have high numbers of households\n              initiated actions to address them. (Office of Audits:         in which several families share a single residence.\n              IG-18387-1)                                                   When enumerators come knocking on Census Day,\n                                                                            family members may be unwilling or unable to accu\xc2\xad\n                                                                            rately report how many people actually reside at the\n                                                                            address. To prompt a fuller accounting of such cases\n                                                                            in 2010, Census revised the coverage question on the\n              Preparing for Census 2010:                                    enumeration questionnaire by adding a new query\n              Test of Update/Enumerate Process                              that specifically asks if other individuals or families\n                                                                            reside in the home. It also used a separate, down\xc2\xad\n              Reveals Flaws in Maps, Address                                stream operation, called coverage follow-up, for\n              Information, and Approach                                     collecting information from households identified\n                                                                            through the coverage question as potentially having\n              In spring 2006, the Census Bureau tested the                  additional members. These modifications were put to\n              update/enumerate process it plans to use in the 2010          the test on the Cheyenne River Reservation.\n              decennial census to count American Indians living on\n              reservations, Alaska Natives, and other hard-to-count         We evaluated the conduct and early outcomes of the\n              rural populations. During update/enumerate, Census            update/enumerate test, taking a specific look at the\n              staff go door to door to collect population data. They        impact of the new query on improving \xe2\x80\x9cwithin\xc2\xad\n              are also instructed to make any needed corrections to         household coverage\xe2\x80\x9d\xe2\x80\x94that is, counting all members\n              the bureau-generated maps and address lists they use          of reservation households\xe2\x80\x94and the success of the\n              to locate housing units. Census chose South Dakota\xe2\x80\x99s          overall operation in accurately counting the reserva\xc2\xad\n              Cheyenne River Reservation as the site for the test\xe2\x80\x94          tion population. We also assessed whether\n              a choice we believe was a good one because it posed           enumerators updated maps and address lists correctly\n              many of the challenges that have long hindered                and quality control staff provided an effective quality\n              efforts to accurately count reservation populations: a        check of these revisions. Our findings are as follows:\n              severe housing shortage and expansive, rural geogra\xc2\xad\n              phy punctuated by small communities that have\n              mostly unnamed streets and unnumbered houses.                 Flawed Update/Enumerate Process and\n              Update/enumerate is an extremely labor-intensive              Failure to Complete the Operation\n              operation that, in the 2000 decennial, counted\n              1.1 million households (of 116 million nationwide)            Undercut the Bureau\xe2\x80\x99s Ability to\n              at a cost of $32 million.                                     Improve the Reservation Count in 2010\n              American Indians have historically been undercount\xc2\xad           Cheyenne River Reservation, with about 3,000 hous\xc2\xad\n              ed in decennial censuses. Enumerating those who live          ing units, was divided into 215 assignment areas,\n              on large, rural reservations is especially difficult          each of which needed to be enumerated and then\n\n\n\n\n                                                                       25\n\x0cDOC OIG SAR 11-07.qxd    11/27/07    1:36 PM     Page 26\n\n\n\n\n              Economics and Statistics Administration                                    September 2007\xe2\x80\x94Semiannual Report to Congress\n\n\n\n              pass quality control within a 12-week time frame.                Changes Designed to Improve Coverage\n              But 84 areas (39 percent) had not passed quality con\xc2\xad\n                                                                               Yielded Negligible Increase in the Count\n              trol by the operation\xe2\x80\x99s end and could not produce\n              reliable counts. Most tellingly, our analysis of all enu\xc2\xad\n                                                                               Disappointed with the results from the 2000 decen\xc2\xad\n              merations recorded during both update/enumerate\n                                                                               nial coverage question, the bureau decided to revise\n              and the subsequent coverage follow-up identified a\n                                                                               the 2010 update/enumerate questionnaire to better\n              significant number of test enumerators\xe2\x80\x94all residents\n                                                                               identify all household members. It did so by adding a\n              of the reservation\xe2\x80\x94who were unaccounted for in\n                                                                               query about \xe2\x80\x9cother individuals or families staying\xe2\x80\x9d in\n              either operation.\n                                                                               the household (see figure below) and assessing the\n                                                                               impact of the revision in the 2006 test. It also decid\xc2\xad\n              We identified three primary problems that caused fre\xc2\xad            ed to enumerate individuals identified by this new\n              quent errors and kept the operation from finishing:              query in the later coverage follow-up operation rather\n              (1) The unclear, inaccurate maps and incomplete                  than on the spot, as had been the practice.\n              address lists generated during address canvassing and\n              supplied to update/enumerate staff prevented enu\xc2\xad                Census identified only 16 households with additional\n              merators from finding a significant number of                    residents because of the new query, and only one per\xc2\xad\n              housing units and quality control staff from complet\xc2\xad            son in those households was added to the 2006 count.\n              ing their follow-up checks. (2) Update/enumerate\n              staff did not have GPS technology to compensate for              One factor in the poor outcome may have been a fail\xc2\xad\n              the poor maps and address lists. (3) The multitude of            ure to properly test the revised questionnaire: The\n              errors made during enumeration overwhelmed the                   majority of enumerators we observed never even\n              quality control check, causing a higher than expected            asked respondents the new query. Because Census\n              number of areas to fail quality control and require              decennial managers did not adequately monitor enu\xc2\xad\n              recanvassing\xe2\x80\x94both of which further crippled the                  merators conducting interviews in the field or their\n              progress of the operation.                                       incoming questionnaires, the bureau did not realize\n\n\n                                       Coverage Question Asked by Enumerators\n\n\n\n\n                                                                                                                            Census Bureau\n\n\n\n\n                                                                          26\n\x0cDOC OIG SAR 11-07.qxd     11/27/07   1:36 PM   Page 27\n\n\n\n\n              September 2007\xe2\x80\x94Semiannual Report to Congress                                        Economics and Statistics Administration\n\n\n\n              enumerators were for the most part not asking the                  \xe2\x96\xa0\t   giving update/enumerate staff handheld\n              question or that few households were being identified                   computers or inexpensive off-the-shelf GPS\n              as having additional people. The bureau also did not                    devices so they can utilize the housing unit\n              have benchmarks against which to evaluate test                          GPS coordinate information obtained during\n              results and identify problems as the operation pro\xc2\xad                     address canvassing.\n              gressed. And the timing of the coverage follow-up\n              operation\xe2\x80\x94which continued for 3 months after                   We also recommended that Census\n              update/enumerate had concluded\xe2\x80\x94was another like\xc2\xad\n              ly factor in the understated results, as respondents               \xe2\x96\xa0\t   modify quality control procedures to better\n              may not have recalled who was in the household so                       identify missed or duplicated housing units\n              many weeks, or even months, earlier.                                    on reservations,\n\n                                                                                 \xe2\x96\xa0\t   enhance enumerator training, supervision,\n              Leadership Devoted to Transforming                                      and quality control to ensure that the\n                                                                                      coverage question is asked as intended, and\n              Census\xe2\x80\x99s Approach Is Needed to\n              Improve the Count on American Indian                               \xe2\x96\xa0\t   reconsider the decision to delay additional\n              Reservations                                                            enumerations identified via the coverage\n                                                                                      question to coverage follow-up.\n              Despite the difficult challenges to improving the\n              count of reservation populations, the Census Bureau            (Office of Systems Evaluation: OSE-18027)\n              did not have any headquarters official whose princi\xc2\xad\n              pal responsibility was to plan and implement the\n              2006 update/enumerate test for American Indian\n              reservations. Although many employees work on                  Funding Problems Lead\n              American Indian issues, no headquarters official was\n              assigned leadership responsibility for the operation or        to Backlog at Federal\n              charged with the singular task of improving enumer\xc2\xad            Audit Clearinghouse\n              ation on reservations for 2010.\n                                                                             The Single Audit Act of 1984 established uniform\n                                                                             entitywide audit requirements for state and local gov\xc2\xad\n              Our Recommendations                                            ernment and nonprofit organizations receiving\n                                                                             federal financial assistance. In 1996, Congress\n              To improve the count of reservation populations in             amended the act to streamline and improve its effec\xc2\xad\n              2010, we recommended that Census give a senior                 tiveness. Currently, all entities expending $500,000\n              headquarters official specific responsibility for lead\xc2\xad        or more in federal funds are required to have an\n              ing the effort to identify, implement, and monitor             annual single audit.\n              changes to the update/enumerate process on\n              American Indian reservations. This effort should, at a         Reports required under the act provide valuable\n              minimum, generate actions designed to improve the              information on how federal dollars are spent and\n              address canvassing operation so that it produces bet\xc2\xad          whether the funds are spent in accordance with appli\xc2\xad\n              ter maps and address lists for update/enumerate staff.         cable laws and regulations. The information\n              We offered several options for Census to consider in           contained in these reports is used by grant-making\n              accomplishing this objective, such as                          agencies to manage more than $450 billion in grants\n                                                                             to states, local governments, universities and other\n                  \xe2\x96\xa0\t   adding current landmark information and               nonprofits. In FY 2006, approximately $1 trillion in\n                       community names to maps, and                          federal expenditures were included in single audit\n                                                                             reports sent to the Federal Audit Clearinghouse, the\n                                                                             repository for all single audit reports.\n\n\n                                                                        27\n\x0cDOC OIG SAR 11-07.qxd    11/27/07    1:36 PM     Page 28\n\n\n\n\n              Economics and Statistics Administration                                  September 2007\xe2\x80\x94Semiannual Report to Congress\n\n\n\n              The clearinghouse receives between 30,000 and\n              40,000 reports each year to process into a govern\xc2\xad               OIG has conducted previous audits of the\n              ment-wide database available to the public.                      Federal Audit Clearinghouse. At the request of\n              Clearinghouse management and programming staff                   OMB, our office performed two \xe2\x80\x9cAgreed Upon\n              are part of the Census Bureau\xe2\x80\x99s Governments                      Procedure\xe2\x80\x9d reviews of the clearinghouse\xe2\x80\x99s process\xc2\xad\n              Division located in Suitland, Maryland. Reports                  ing of single audit reports for fiscal years 1998\n              are processed at a Census Bureau facility in                     and 2000. In March 2005, the OIG Office of\n              Jeffersonville, Indiana.                                         Audits\xe2\x80\x99 Financial Statements and Accountability\n                                                                               Division issued Management Controls Over\n              The clearinghouse\xe2\x80\x99s database goes back to 1997 and               Reimbursable Agreements at the U.S. Census\n              is accessible on its web site. This web-based system             Bureau Need Improvement.\n              allows the public access to audit findings for most\n              federal grant programs and also provides government\n              managers with information that can be used to iden\xc2\xad            with 16 different federal agencies to ensure cost\n              tify major flaws in a program\xe2\x80\x99s administration.                recovery, since FY 2004 funds received through\n                                                                             those agreements have not been sufficient to enable\n              The Census Bureau is required by federal law, regula\xc2\xad          clearinghouse staff to process all submitted single\n              tion, and departmental policy to recover full costs for        audit reports. This lack of funding caused the clear\xc2\xad\n              work performed under certain agreements. As a                  inghouse to accumulate a significant backlog of\n              result, the clearinghouse is expected to recover the           approximately 36,000 unprocessed reports by\n              costs of its operations from the federal agencies it           February 2007, thereby jeopardizing its ability to\n              services. To do this, it has entered into reimbursable         provide the critical data contained in the single\n              agreements with those agencies. Over the 4 years cov\xc2\xad          audit reports to the grant-making entities that rely\n              ered by our audit, the reimbursable agreements                 on it.\n              totaled more than $11 million.\n\n              We conducted an audit of the clearinghouse\xe2\x80\x99s reim\xc2\xad\n              bursable agreements to match the revenue received by\n              the clearinghouse with the costs of operations and\n              determine whether the costs charged to the reim\xc2\xad\n              bursable agreements are reasonable, allowable, and\n              allocable. Originally, the audit scope was to cover the\n              period from October 1, 2003, through March 31,\n              2006. But once we began our work, Census officials\n              requested we expand the audit to include fiscal year\n              2003 so we would be reviewing a year not plagued by\n              funding issues. Additionally, we expanded the period\n              to cover the review of reimbursable agreement                                        http://harvester.census.gov/fac/collect/ddeindex.html\n\n              authorities and signatures for the second half of\n              2006. We did not review expenditures for the second            We recommended that officials ensure that only\n              half of FY 2006.                                               charges allocable to the clearinghouse project are\n                                                                             charged to the project and that personnel who work\n              We found that while management oversight on the                on the clearinghouse project are not inappropriately\n              allocation of project costs to the appropriate reim\xc2\xad           charged to other Census projects. At the bureau\xe2\x80\x99s sug\xc2\xad\n              bursable agreement is generally good, there were a             gestion, we also recommended that Census work\n              few instances in which clearinghouse staff had                 with the Office of Management and Budget and\n              charged time to different project codes once avail\xc2\xad            other entities to develop a budget that fully funds the\n              able funds were exhausted. Furthermore, although               clearinghouse so it can eliminate the current backlog\n              Census has entered into reimbursable agreements                as soon as possible.\n\n\n\n                                                                        28\n\x0cDOC OIG SAR 11-07.qxd   11/27/07   1:36 PM    Page 29\n\n\n\n\n              September 2007\xe2\x80\x94Semiannual Report to Congress                                         Economics and Statistics Administration\n\n\n\n              The Census Bureau generally agreed with our recom\xc2\xad             Census submitted an action plan in response to our\n              mendations and noted that clearinghouse staff is               report that outlined steps to address our recommen\xc2\xad\n              carefully examining monthly spending reports,                  dations and set deadlines of October 2006 and\n              increasing vigilance over this fiscal year\xe2\x80\x99s project           January 2007 for implementing them. But we found\n              charging, and instituting additional internal controls         during our follow-up review that little has occurred.\n              over project spending. The clearinghouse will contin\xc2\xad\n              ue to work with OMB to improve or replace the                  The bureau has not yet developed adequate FECA\n              current reimbursable funding mechanism with a                  training or guidance for supervisors and managers\n              more efficient and timely process that transfers               and is still developing a return-to-work strategy for\n              approved funding at the beginning of the fiscal year.          2008 dress rehearsal operations\xe2\x80\x94which are already\n              (Atlanta Regional Office of Audits: ATL-18113)                 under way\xe2\x80\x94and for the 2010 census. The bureau has\n                                                                             been collaborating with the Department to identify\n                                                                             claimants from past decennials who could be offered\n                                                                             jobs, but no offers have been extended.\n              Census 2010: Little Progress Has                               Census officials advised us that they have been unable\n              Been Made on a Workers\xe2\x80\x99                                        to implement their plans for addressing the recom\xc2\xad\n              Compensation Strategy for                                      mendations in our 2006 report for a variety of\n                                                                             reasons, one being the disruption of relocating staff\n              Temporary Hires                                                to the bureau\xe2\x80\x99s new headquarters building this past\n                                                                             spring. They also questioned the wisdom of training\n              During this semiannual period, we followed up on               field supervisors to be more involved in the workers\xe2\x80\x99\n              our March 2006 review of the Federal Employees\xe2\x80\x99                compensation program, believing this additional\n              Compensation Act (FECA) program at Commerce,                   responsibility might negatively impact their ability to\n              looking at the Census Bureau\xe2\x80\x99s progress in developing          accurately count the population within allotted time\n              a plan to handle workers\xe2\x80\x99 compensation claims that             frames. Finally, they said they may have been\n              arise during 2010 decennial and preceding activities           overzealous in estimating how quickly they could\n              and to reemploy claimants who have been on the                 coordinate with Commerce\xe2\x80\x99s Office of Human\n              FECA rolls since the 1990 and 2000 censuses.                   Resources Management (OHRM) and the\n                                                                             Department of Labor to develop a viable workers\xe2\x80\x99\n              Our 2006 report found that Census\xe2\x80\x99s FECA costs                 compensation strategy.\n              accounted for nearly 40 percent of the Department\xe2\x80\x99s\n              total FECA spending ($5.59 million of $14.5 mil\xc2\xad               In our follow-up report, we reiterated our recommen\xc2\xad\n              lion) during the 12-month period we examined (July             dations that Census\n              2004 through June 2005). These costs were substan\xc2\xad\n              tially higher at census time: for example, from July               \xe2\x96\xa0\t   develop a comprehensive workers\xe2\x80\x99\n              2000 through June 2001, as the 2000 decennial was                       compensation management initiative for the\n              under way, Census paid almost $14.2 million in                          2010 decennial, incorporate related guidance\n              FECA benefits. Many of these claims came from                           into training and administrative manuals for\n              temporary workers hired to collect census data in the                   both the 2008 dress rehearsal and 2010\n              field. Opportunities for reemployment dwindle as                        operations, and train all relevant headquarters,\n              decennial operations wind down, and those who are                       regional, and field staff on the initiative;\n              not offered a job can remain on the rolls for years. We\n              identified 44 active claims from the 1990 decennial                \xe2\x96\xa0\t   bring together human resources, decennial\n              and 183 from Census 2000. We recommended that                           management, field operations, and\n              Census, together with the Department, identify all                      administrative staff to develop and implement\n              other claimants who are able to return to work and                      a comprehensive return-to-work strategy for\n              take necessary actions to bring them back on the job                    employees injured during 2010 operations as\n              as soon as possible.                                                    well as for claimants already on the rolls; and\n\n\n\n                                                                        29\n\x0cDOC OIG SAR 11-07.qxd      11/27/07      1:36 PM       Page 30\n\n\n\n\n              Economics and Statistics Administration                                                  September 2007\xe2\x80\x94Semiannual Report to Congress\n\n\n\n                   \xe2\x96\xa0\t   identify claimants who could be rehired for                         completed some actions, such as obtaining access to\n                        2010 operations and work with the                                   case files of claimants who worked in previous\n                        departments of Commerce and Labor to                                Census operations to evaluate their return-to-work\n                        bring them back on the job as soon as                               potential and analyzing employment potential for\n                        possible or otherwise remove them from the                          some claimants in the current dress rehearsal opera\xc2\xad\n                        workers\xe2\x80\x99 compensation rolls.                                        tions. In its response to our draft report, Census\n                                                                                            advised us that it has reached internal agreement on\n                                                                                            an approach for a more robust workers\xe2\x80\x99 compensa\xc2\xad\n                                                                                            tion program that includes increased and integrated\n                                                                                            headquarters management and oversight by the\n                                                                                            bureau\xe2\x80\x99s human resources, decennial management,\n                                                                                            and field operations staff. The bureau also reported\n                                                                                            that it is working with OHRM to determine and\n                                                                                            finalize the proper resource allocations and contract\n                                                                                            options for operating the program and managing the\n                                                                                            caseload of injuries that result from the dress rehears\xc2\xad\n                                                                                            al and 2010 decennial census. In addition, the\n                                                                                            bureau reported sending letters to 73 recipients\n                                                                                            from the 1990 and 2000 censuses, seeking\n                                                                                            information it needs to extend job offers for 2010\n                                                                                            decennial operations.\n\n                                                                                            Commerce\xe2\x80\x99s Chief Financial Officer and Assistant\n                                                                                            Secretary for Administration concurred with our rec\xc2\xad\n                                                                                            ommendation addressed to the Department. He\n                                                                                            indicated that OHRM\xe2\x80\x99s Office of Occupational\n                                                                                            Safety and Health continues to take additional\n                                                                                            actions to address this recommendation and those\n                                                                                            from our March 2006 report. It is facilitating\n                                                                    US Census Bureau\n                                                                                            arrangements to send departmental workers\xe2\x80\x99 com\xc2\xad\n              During every decennial census, the Census Bureau hires thousands\n              of temporary workers for jobs that last from several weeks to several\n                                                                                            pensation case files from the regional offices of DOL\xe2\x80\x99s\n              months. If these employees are hurt on the job, they qualify for              Office of Workers\xe2\x80\x99 Compensation Programs to\n              workers\xe2\x80\x99 compensation benefits. Moving them off the rolls is                  Commerce headquarters. He stated that this will\n              especially difficult because opportunities for reemployment dwindle           eliminate the need to travel to DOL\xe2\x80\x99s regional offices\n              as census operations wind down.                                               and enable the Department and Census to more eas\xc2\xad\n                                                                                            ily obtain the medical information needed to identify\n              We also recommended that Census evaluate and                                  and process potential return-to-work cases. (Office of\n              adopt alternative hiring options for reemploying                              Inspections and Program Evaluations: IPE-18592)\n              decennial claimants or helping them find jobs at\n              other agencies or private firms, and that the\n              Department\xe2\x80\x99s Chief Financial Officer work with the\n              bureau\xe2\x80\x99s director to strengthen Census\xe2\x80\x99s management                           C&A of Census Systems Shows\n              of its workers\xe2\x80\x99 compensation program and thereby\n              reduce the costs of the 2008 dress rehearsal and                              Mixed Results in FISMA Reviews\n              2010 census.\n                                                                                            To meet our FY 2007 FISMA reporting require\xc2\xad\n              The Census Bureau did not agree with several find\xc2\xad                            ments, we evaluated the Census Bureau\xe2\x80\x99s Client\n              ings in our draft report, but concurred with our four                         Services General Support System and the AESDirect\n              recommendations. It indicated that it had already                             Major Application, which is a contractor system.\n\n\n\n                                                                                       30\n\x0cDOC OIG SAR 11-07.qxd     11/27/07   1:36 PM    Page 31\n\n\n\n\n              September 2007\xe2\x80\x94Semiannual Report to Congress\t                                        Economics and Statistics Administration\n\n\n\n\n              Client Services General Support System                              \xe2\x96\xa0\t   Significant vulnerabilities were not\n                                                                                       addressed in the security assessment report\n              Our review of Census\xe2\x80\x99s Client Services General                           or documented in the plan of action\n              Support System revealed the following:                                   and milestones.\n\n                  \xe2\x96\xa0\t   The system security plan did not describe                  \xe2\x96\xa0\t   Significant vulnerabilities were not remedied\n                       significant environmental and technical                         in a timely manner.\n                       factors and application security controls.\n                                                                              The system security plan was generally adequate but\n                  \xe2\x96\xa0\t   Census has developed a process to scan most            security control descriptions need to be improved.\n                       workstations and laptops for vulnerabilities,          Based on our review, we concluded that security con\xc2\xad\n                       but used outdated scanning signatures.                 trols were not adequately assessed for certification\n                                                                              and accreditation and that the authorizing official did\n                  \xe2\x96\xa0\t   Secure configuration settings were not\n                not have enough information to make a credible,\n                       evaluated for some IT products. \n                      risk-based accreditation decision.\n\n                  \xe2\x96\xa0\t   Security controls for mobile code were not             Census agreed that some security controls were not\n                       adequately documented or assessed.                     adequately assessed for certification and accreditation\n                                                                              and indicated that all vulnerabilities identified both\n              We concluded that the certification and accreditation           in our report and Census\xe2\x80\x99s own testing have been or\n              of this system was compliant with FISMA require\xc2\xad                will be tracked on a plan of action and milestones.\n              ments. Evidence that mitigates most of our concerns             The bureau noted that mitigation of the vulnerabili\xc2\xad\n              about the use of outdated scanning signatures\xe2\x80\x94a                 ties had already begun.\n              patch management tool that maintains up-to-date\n              patches and patch history\xe2\x80\x94was available, but was                The bureau did not agree with our conclusion that\n              not part of the C&A package. However, better meth\xc2\xad              the authorizing official did not have enough informa\xc2\xad\n              ods of certification testing are needed to give                 tion to make a credible, risk-based accreditation\n              authorizing officials more complete information.                decision. The bureau maintained that the informa\xc2\xad\n                                                                              tion not available to the authorizing official would\n              Census concurred with all but one of our recommen\xc2\xad              have made no difference in the accreditation decision\n              dations and identified actions it will take to address          and that the system had not had a single document\xc2\xad\n              them. With that one exception, the bureau\xe2\x80\x99s actions             ed security incident in its 10 years of operation.\n              were responsive to our recommendations.                         However, our report cited numerous examples of\n                                                                              inadequate controls assessment, which suggests the\n                                                                              potential for significant unknown vulnerabilities to\n                                                                              exist. Better controls assessment may have identified\n              AESDirect Major Application\n                                                                              additional vulnerabilities. Moreover, the lack of doc\xc2\xad\n              Our review of AESDirect showed a number of prob\xc2\xad                umented security incidents was not persuasive\n              lems, including the following:                                  evidence that the security controls are adequate, par\xc2\xad\n                                                                              ticularly since Census itself identified the absence of\n                  \xe2\x96\xa0\t   Secure configuration settings were not defined         controls necessary for the detection of security\n                       for most IT products and none were assessed.           breaches, and thus could be unaware of whether secu\xc2\xad\n                                                                              rity incidents have occurred. (Office of Systems\n                  \xe2\x96\xa0    Assessment of security controls was incomplete.        Evaluation: OSE-18690-1 and -2)\n\n\n\n\n                                                                         31\n\x0cDOC OIG SAR 11-07.qxd   11/27/07   1:36 PM   Page 32\n\n\n\n\n                                                                                                      Photo Courtesy 1WTC, LLC\n                                                       An artist\xe2\x80\x99s rendering of the future Freedom Tower and New York Harbor at\n                                                                      the site of the former twin towers of the World Trade Center.\n\x0cDOC OIG SAR 11-07.qxd   11/27/07   1:36 PM   Page 33\n\n\n\n\n                              INTERNATIONAL TRADE\n\n                                 ADMINISTRATION\n\n\n              T    he International Trade Administration is responsible for trade promotion and policy issues associated\n                   with most nonagricultural goods and services. ITA works with the Office of the U.S. Trade Representative\n              to coordinate U.S. trade policy and with other agencies to coordinate U.S. trade promotion efforts. ITA has\n              four principal units:\n\n                  Market Access and Compliance develops and implements international economic policies of a bilateral,\n                  multilateral, or regional nature, and participates in trade negotiations. Its main objectives are to obtain\n                  market access for American firms and workers and to ensure full compliance by foreign nations with trade\n                  agreements signed with the United States.\n\n                  Manufacturing and Services undertakes industry trade analysis, shapes U.S. trade policy, participates in\n                  trade negotiations, organizes trade capacity-building programs, and evaluates the impact of domestic and\n                  international economic and regulatory policies on U.S. manufacturers and service industries.\n\n                  Import Administration defends American industry against injurious and unfair trade practices by\n                  administering the antidumping and countervailing duty laws of the United States and enforcing other trade\n                  laws and agreements negotiated to address such trade practices.\n\n                  U.S. Commercial Service seeks to promote economic prosperity, enhance U.S. job creation, and\n                  strengthen national security through a global network of international trade professionals. CS promotes\n                  and protects U.S. commercial interests abroad and delivers customized solutions to help U.S. businesses,\n                  especially small and medium-sized enterprises, compete effectively in the global marketplace.\n\n\n\n\n              National Export Strategy                                   Trade Promotion Coordinating Committee (TPCC)\n                                                                         develops an annual National Export Strategy report\n              Document Would Benefit from                                that is supposed to (1) establish government-wide\n              Greater Interagency Involvement                            priorities for federal export promotion and financing\n                                                                         activities and (2) provide a plan to bring those activ\xc2\xad\n              and Clear Goals                                            ities of the TPCC agencies into line with the\n                                                                         priorities. The annual National Export Strategy report\n              In response to the requirements of the Export              is sent by the TPCC chairman (the Secretary of\n              Enhancement Act of 1992 and Executive Order                Commerce) to Congress with the approval of the\n              12870, which implemented the act, the interagency          President. The act also intended for the strategy to\n\n\n\n                                                                    33\n\x0cDOC OIG SAR 11-07.qxd    11/27/07     1:36 PM      Page 34\n\n\n\n\n              International Trade Administration                                            September 2007\xe2\x80\x94Semiannual Report to Congress\n\n\n\n              help eliminate overlap and duplication among feder\xc2\xad                                                ITA management out\xc2\xad\n              al export promotion activities, propose an annual                                                  line the basic themes\n              unified federal trade promotion budget to the                                                      and priorities for the\n              President (through OMB), and promote cooperation                                                   strategy without direct\n              between state and federal export promotion activities.                                             consultation with other\n                                                                                                                 TPCC agencies. While\n              During the course of our recent review of                                                          the Secretariat does\n              Commerce\xe2\x80\x99s trade promotion efforts and the coordi\xc2\xad                                                 maintain regular contact\n              nation of those efforts with other stakeholders (see                                               with member agencies\n              March 2007 Semiannual Report, pages 37-40), we                                                        on trade-related issues\n              identified some ways the Department could enhance                                                     and solicits their\n              the process used to develop the annual National                                                       comments on the\n              Export Strategy. Our original review, which was                                                       draft annual report,\n              requested by three members of Congress, including                                                     the process used to\n              the then-Chairman of the House Small Business                                                         develop the annual\n              Committee, was coordinated with OIGs from the                                                         reports does not pro\xc2\xad\n              departments of State, Agriculture, and the Treasury,                                                  mote the active\n              the U.S. Agency for International Development, the                                                    involvement of the\n              Small Business Administration, and the Millennium                                                     other TPCC member\n              Challenge Corporation.                                                                                agencies, nor leverage\n                                                                                                                    their expertise in\n              We did not originally set out to comment on the                                                       developing the basic\n              National Export Strategy, but agreed to address this                                            ITA   strategic objectives.\n              issue in a separate memorandum report at the request\n              of some of the other OIGs involved in the intera\xc2\xad              The National Export Strategy Does Not\n              gency review, who had raised several concerns about            Establish Specific Export Promotion Goals\n              Commerce\xe2\x80\x99s development of the annual strategy.                 or Use Performance Measures to Track\n                                                                             Program Success\n\n              What We Found                                                  In a 2002 report, the Government Account-ability\n                                                                             Office reported that the National Export Strategy was\n              We found the annual National Export Strategy reports           too broad and did not discuss government-wide spe\xc2\xad\n              often outline useful strategies and initiatives\xe2\x80\x94such as        cific goals or assess progress toward meeting those\n              the promotion of public-private partnerships\xe2\x80\x94with\xc2\xad             goals.5 Our review of subsequent National Export\n              in the context of discussing ongoing federal trade             Strategy reports for 2002-2006 showed that little had\n              promotion efforts. These reports do not, however,              changed. Absent the specific export promotion goals\n              articulate a strategy, establish consistent export pro\xc2\xad        that GAO recommended, the annual export strategy\n              motion goals, align agency-specific strategic                  did not provide an effective framework for focusing\n              objectives with government-wide export promotion               the activities of TPCC agencies to meet core export\n              strategic goals, or track agencies\xe2\x80\x99 actual progress            promotion priorities. Moreover, lacking usable per\xc2\xad\n              toward those goals.                                            formance measures\xe2\x80\x94which are required of all\n                                                                             member agencies\xe2\x80\x94TPCC cannot evaluate or report\n              Commerce Should Establish a More Inclusive                     on the agencies\xe2\x80\x99 progress toward federal export pro\xc2\xad\n              Process for Developing the National Export                     motion priorities.\n              Strategy Reports\n\n              Under the current process used to develop the annu\xc2\xad            5\n                                                                                 Export Promotion: Mixed Progress in Achieving a Government-\n              al National Export Strategy, the TPCC Secretariat and              wide Strategy, GAO-02-850, September 4, 2002.\n\n\n\n\n                                                                        34\n\x0cDOC OIG SAR 11-07.qxd   11/27/07   1:36 PM    Page 35\n\n\n\n\n              September 2007\xe2\x80\x94Semiannual Report to Congress                                          International Trade Administration\n\n\n\n\n              Improvements Are Noted in the 2007 National\n              Export Strategy                                                       TPCC Active Member Agencies\n                                                                               U.S. Department of Commerce\n              Our final report notes that the 2007 National Export\n                                                                               Export-Import Bank of the United States\n              Strategy, which was released several months after our\n              draft report, contained significant improvements that            Overseas Private Investment Corporation\n              address some of the issues raised during our review,             U.S. Trade and Development Agency\n              including (1) a clearer and more complete presenta\xc2\xad              U.S. Small Business Administration\n              tion of federal export promotion priorities and (2) an\n                                                                               U.S. Department of Agriculture\n              appendix that details the strategic objectives of the\n              primary TPCC agencies and summarizes the agen\xc2\xad                   U.S. Department of State\n              cies\xe2\x80\x99 2006 activities that are responsive to those               U.S. Department of Treasury\n              strategies. However, further enhancements are neces\xc2\xad             Office of the U.S. Trade Representative\n              sary to fully implement our recommendations.\n                                                                               U.S. Agency for International Development\n              The TPCC May Not Include All                                     U.S. Environmental Protection Agency\n              Relevant Agencies                                                U.S. Department of Defense\n                                                                               U.S. Department of Energy\n              The roster of TPCC members was established by\n                                                                               U.S. Department of Interior\n              Executive Order in 1993 and was last updated in\n              2003 to include the Department of Homeland                       U.S. Department of Labor\n              Security (DHS), although DHS was not an active                   U.S. Department of Transportation\n              TPCC member at the time of our review. The                       Office of Management and Budget\n              Millennium Challenge Corporation (MCC), estab\xc2\xad\n              lished in 2004, is a U.S. government-owned                       National Security Council/National\n              corporation with the stated mission to help reduce               Economic Council\n              worldwide poverty through economic growth, while                 Council of Economic Advisers\n              targeting aid to reward countries with good public\n              policies. Since its inception, MCC has received\n              approximately $4 billion in federal appropriations.\n              As part of its efforts to promote economic develop\xc2\xad           Our Recommendations\n              ment, MCC sponsors projects to increase the trade\n              capacity of developing countries. These projects can\n                                                                            We recommended that ITA institute a meaningful\n              complement federal export promotion efforts by\n                                                                            interagency strategic planning process that identifies\n              helping improve access to foreign markets for U.S.\n                                                                            the core strategic goals and objectives of federal\n              products and creating other opportunities for U.S.\n                                                                            export promotion efforts through an interagency\n              exporters. We recognize that MCC may be reluctant\n                                                                            consultative process; aligns agency-specific strategic\n              to be included as a TPCC member because it wants\n                                                                            objectives with government-wide export promotion\n              to avoid the perception that its development efforts\n                                                                            strategic goals; identifies any agency-specific per\xc2\xad\n              are linked to U.S. export promotion priorities, but\n                                                                            formance measures relevant to government-wide\n              we recommended in our March 2007 report on trade\n                                                                            export promotion goals; and uses these measures to\n              coordination that MCC be included in relevant\n                                                                            evaluate the progress of agencies toward meeting gov\xc2\xad\n              TPCC working groups.\n                                                                            ernment-wide export promotion goals. We also\n                                                                            recommended ITA continue to engage MCC on\n                                                                            trade promotion activities and use appropriate chan\xc2\xad\n                                                                            nels to request Presidential approval to update the\n                                                                            TPCC membership to include all relevant federal\n                                                                            trade promotion agencies.\n\n\n\n                                                                       35\n\x0cDOC OIG SAR 11-07.qxd    11/27/07     1:36 PM      Page 36\n\n\n\n\n              International Trade Administration                                         September 2007\xe2\x80\x94Semiannual Report to Congress\n\n\n\n\n              ITA\xe2\x80\x99s Response                                                  Common Controls, Contingency Plan\n                                                                              Not Tested\n              The Deputy Under Secretary for International Trade\n              provided a thorough response to our draft report that           The C&A team did not evaluate \xe2\x80\x9ccommon\xe2\x80\x9d con\xc2\xad\n              noted disagreement with many of our conclusions.                trols\xe2\x80\x94controls belonging to a different ITA system\n              ITA did not concur with our conclusion that the                 but that also protect the core network. Though these\n              TPCC agencies were not adequately engaged in the                controls were outside the core network\xe2\x80\x99s accreditation\n              development of the 2007 National Export Strategy,               boundary, they needed to be assessed to show they\n              nor did it concur with our proposed changes to the              were effectively protecting the core network.\n              TPCC strategic planning process. However, ITA\xe2\x80\x99s\n              response also highlighted some actions that the                 Also, ITA did not test the contingency plan\xe2\x80\x94a\n              TPCC Secretariat planned to take to address our rec\xc2\xad            required annual event\xe2\x80\x94and the plan did not address\n              ommendations and enhance its strategic planning                 the procedures and activities for restoring operations\n              process. ITA also indicated its continued commit\xc2\xad               after a disruption or failure. ITA subsequently gave us\n              ment to work with MCC, whenever practical, and to               a document titled Network Shutdown Procedures and\n              determine ways to increase the visibility of MCC                Network Restore Procedures. But this document was\n              opportunities with the U.S. exporting community.                limited\xe2\x80\x94it addressed protocols for shutting down\n              We made changes in our final report to clarify some             and restarting the network but omitted other impor\xc2\xad\n              of the language, better articulate the ongoing efforts          tant procedures necessary to restore operations. The\n              of the TPCC Secretariat, and recognize progress                 contingency plan also did not specify emergency sce\xc2\xad\n              made in the 2007 National Export Strategy. (Office of           narios that require annual testing.\n              Inspections and Program Evaluations: IPE-18589)\n                                                                              We recommended that ITA (1) assess all components\n                                                                              that implement security controls for a system prior to\n              ITA\xe2\x80\x99s C&A Process Gave Officials                                or during certification and accreditation; (2) incorpo\xc2\xad\n                                                                              rate into the contingency plan, procedures and\n              Sufficient Information to Approve                               activities for restoring operations after a failure or dis\xc2\xad\n              System Operation                                                ruption, in accordance with Department policy; and\n                                                                              (3) test the plan annually and document its scope,\n              As part of our FY 2007 FISMA work, we examined                  procedures, scenarios, and results.\n              the adequacy of ITA\xe2\x80\x99s certification and accreditation\n              of its Core Network General Support System.\n              Though not without deficiencies, the C&A process\n              was generally sound. Certification testing adequately             \xe2\x80\x9cEach federal agency shall develop, document,\n              assessed the required security controls. Certification            and implement an agency-wide information\n              activities provided sufficient basis for the authorizing          security program to provide information security\n              official to make a credible, risk-based decision to               for the information and information systems that\n              approve system operation.                                         support the operations and assets of the agency,\n                                                                                including those provided or managed by another\n              ITA\xe2\x80\x99s assessment process was solid: procedures and                agency, contractor, or other source\xe2\x80\xa6\xe2\x80\x9d\n              expected results were well-defined, and actual results\n                                                                                                    \xe2\x80\x94Federal Information Security\n              were clearly documented for each tested procedure.\n                                                                                                     Management Act of 2002\n              By carefully defining procedures and expected results,\n              and thoroughly documenting actual outcomes, the\n              certification agent could accurately determine which\n              security controls are implemented properly, recom\xc2\xad              ITA officials concurred with our recommendations\n              mend specific corrective actions, and clearly present           and noted that in the future, the agency will assess\n              to the authorizing official the risks associated with           components that are not a part of an information\n              the remaining vulnerabilities.                                  system\xe2\x80\x99s accreditation boundary prior to completing\n\n\n                                                                         36\n\x0cDOC OIG SAR 11-07.qxd   11/27/07    1:36 PM    Page 37\n\n\n\n\n              September 2007\xe2\x80\x94Semiannual Report to Congress                    International Trade Administration\n\n\n\n              that system\xe2\x80\x99s certification and accreditation. Officials\n              also stated that they are developing procedures to\n              restore system operations after a failure or disruption,\n              and should be finished testing these procedures by\n              the end of calendar year 2007. ITA is using detailed\n              agency-defined scenarios in the tests and will\n              summarize all results. (Office of Systems Evaluation:\n              OSE-18840)\n\n\n\n\n                                                                         37\n\x0cDOC OIG SAR 11-07.qxd   11/27/07   1:36 PM   Page 38\n\n\n\n\n                                                                                    Photo Courtesy NIST/Copyright Robert Rathe\n                                                       Physicist Richard Steiner adjusts the electronic kilogram, an experimental\n                                                          apparatus for defining mass in terms of the basic properties of nature.\n\x0cDOC OIG SAR 11-07.qxd   11/27/07   1:37 PM   Page 39\n\n\n\n\n                     NATIONAL INSTITUTE OF\n\n                  STANDARDS AND TECHNOLOGY\n\n\n              T   he National Institute of Standards and Technology promotes U.S. innovation and industrial competitiveness\n                  by advancing measurement science, standards, and technology in ways that enhance economic security and\n              improve quality of life. NIST manages four programs: the Advanced Technology Program, the Manufacturing\n              Extension Partnership program, the Baldrige National Quality Program, and NIST Research Laboratories.\n\n\n\n\n              Audit Questions $1.4 Million in                               $1,430,562 in costs claimed on the two awards, the\n                                                                            bulk of them unallowable payroll charges. We recom\xc2\xad\n              Costs Claimed on ATP Projects                                 mended that for the first award, NIST disallow\n                                                                            $752,951 in questioned costs and recover $726,798\n              A California company specializing in medical diagnos\xc2\xad         in federal funds, and for the second award, disallow\n              tic technologies for musculoskeletal diseases received        $677,611 in questioned costs and recover that\n              two Advanced Technology Program (ATP) awards to               amount in full.\n              develop new tools for detecting and managing arthri\xc2\xad\n              tis and osteoporosis. The first, awarded in September         The company concurred with our recommendations.\n              2000, was for a 3-year project with total costs of            (Atlanta Office of Audits: ATL-18418)\n              $1,960,181. The second, awarded in May 2002, had a\n              2-year term and total costs of $1,977,613.\n\n              In 2004 the firm\xe2\x80\x99s new CEO\xe2\x80\x94on advice from outside\n              counsel\xe2\x80\x94asked a forensic accounting specialist to\n              review the awards. The specialist confirmed that the\n              company had billed NIST approximately $1 million\n              for hours not worked on the projects. In February\n              2005, company officials reported the overcharge to\n              NIST and offered to repay the funds. But the NIST\n              grants officer wanted both awards audited in accor\xc2\xad\n              dance with ATP guidelines to verify the amount due.\n\n              Our audit examined the financial status of the awards\n              as well as whether the company had complied with\n              applicable laws and regulations and had claimed\n              reasonable and allowable costs. The audit covered\n              the period from November 1, 2000, through\n              August 31, 2004.\n                                                                                                                          National Institutes of Health\n                                                                            A California firm received ATP funds to develop new diagnostic\n              We found that the firm\xe2\x80\x99s financial management sys\xc2\xad            and treatment tools for arthritis and osteoporosis. Roughly a third\n              tem was inadequate and questioned a total of                  of the money was used for unallowable payroll expenses.\n\n\n\n                                                                       39\n\x0cDOC OIG SAR 11-07.qxd   11/27/07   1:37 PM   Page 40\n\n\n\n\n                                                                              Photo Courtesy NOAA/R. Bray\n                                                       Underwater research at St. Croix, U.S. Virgin Islands.\n\x0cDOC OIG SAR 11-07.qxd   11/27/07   1:37 PM   Page 41\n\n\n\n\n                   NATIONAL OCEANIC AND\n\n                ATMOSPHERIC ADMINISTRATION\n\n\n              T   he National Oceanic and Atmospheric Administration studies climate and global change; ensures the\n                  protection of coastal oceans and the management of marine resources; provides weather services; and\n              manages worldwide environmental data. NOAA does this through the following organizations:\n\n                  National Weather Service reports the weather of the United States and provides weather forecasts and\n                  warnings to the general public.\n\n                  National Ocean Service provides products, services, and information that promote safe navigation,\n                  support coastal communities, sustain marine ecosystems, and mitigate coastal hazards.\n\n                  National Marine Fisheries Service conducts a program of management, research, and services related to\n                  the protection and rational use of living marine resources.\n\n                  National Environmental Satellite, Data, and Information Service observes the environment by\n                  operating a national satellite system.\n\n                  Office of Oceanic and Atmospheric Research conducts research related to the oceans and Great Lakes, the\n                  lower and upper atmosphere, space environment, and the Earth.\n\n                  Office of Program Planning and Integration develops and coordinates NOAAs\xe2\x80\x99 strategic plan, supports\n                  organization-wide planning activities, guides managers and employees on program and performance\n                  management, and integrates policy analyses with decision-making.\n\n\n\n              Flaws Remain in C&A Process for                            Our evaluation of the C&A package found improve\xc2\xad\n                                                                         ments over an earlier version we reviewed, particularly\n              Network Operations Center                                  in its description of system components and scanning\n                                                                         for network vulnerabilities. But we noted numerous\n              As part of our FY 2007 FISMA work, we assessed             deficiencies in NOAA\xe2\x80\x99s C&A process that require\n              NOAA\xe2\x80\x99s certification and accreditation process and         management attention, including the following:\n              security configuration settings for its Network\n              Operations Center (NOC). The center provides                   \xe2\x96\xa0\t   The system security plan was inadequate. For\n              regional network backbone and Internet connectivity                 example, it did not describe the functional\n              for NOAA headquarters in Silver Spring, Maryland,                   properties of controls and often did not\n              and other locations in the Washington, D.C., area.                  address applicable control requirements.\n\n\n                                                                    41\n\x0cDOC OIG SAR 11-07.qxd     11/27/07    1:37 PM   Page 42\n\n\n\n\n              National Oceanic and Atmospheric Administration\t                              September 2007\xe2\x80\x94Semiannual Report to Congress\n\n\n\n                  \xe2\x96\xa0\t   The security certification had serious flaws              National Marine Sanctuary Program\n                       and omissions. It failed to identify\n                       vulnerabilities on some components, report                Authorized by the National Marine Sanctuaries Act,\n                       those identified on others, and assess controls           the sanctuary program manages and protects\n                       described in the security plan.                           13 sanctuaries and a marine national monument\n                                                                                 that have conservation, historical, or scientific\n                  \xe2\x96\xa0\t   Critical security services were overlooked.               importance. National marine sanctuaries range in size\n                       There was no evidence that the certification              from one-quarter square mile in American Samoa\xe2\x80\x99s\n                       team had assessed certain applications and                Fagatele Bay to more than 5,300 square miles in\n                       system components providing critical security             Monterey Bay, California. With the addition of the\n                       services for the NOC.                                     Papahanaumokuakea Marine National Monument\n                                                                                 (northwestern Hawaiian Islands) in 2006\xe2\x80\x94at\n                  \xe2\x96\xa0\t   Secure configurations were inadequately                   138,000 square miles the largest marine protected\n                       defined and assessed.                                     area in the world\xe2\x80\x94the sanctuaries now encompass\n                                                                                 more than 158,000 square miles of ocean and Great\n              We concluded that the authorizing official lacked                  Lakes marine habitats. The special habitats of the\n              information needed on remaining vulnerabilities to                 sanctuaries include coral reefs, whale migration\n              make a credible, risk-based accreditation decision.                corridors, deep sea canyons, kelp forests, and sea grass\n              NOAA concurred with our recommendations and                        beds. Historic shipwrecks are also protected. The\n              stated that it has implemented a continuous monitor\xc2\xad               program\xe2\x80\x99s primary mission is resource protection, but\n              ing program to correct deficiencies in the security                it must also facilitate compatible public and\n              plan as well as to reassess security controls and                  commercial uses along with conservation and\n              settings. (Office of Systems Evaluation: OSE-18688)                research activities. We are evaluating whether the\n                                                                                 program is successfully (1) providing for the long-\n                                                                                 term protection of marine and cultural resources\n                                                                                 and (2) collaborating with other NOAA offices, and\n                                                                                 with federal, state, and local entities involved in\n              Work in Progress                                                   developing and managing marine protected areas,\n                                                                                 enforcing sanctuary regulations, and conducting\n              We have a number of reviews in progress that are                   scientific research.\n              assessing key NOAA programs and activities, includ\xc2\xad\n              ing the following:\n                                                                                 National Data Buoy Center\n              Fisheries Finance Loan Program                                     The National Data Buoy Center is part of the\n                                                                                 National Weather Service. The center operates four\n              We are evaluating the National Marine Fisheries                    marine observation systems\xe2\x80\x94weather buoys, coastal\n              Service\xe2\x80\x99s management of this program, which offers                 marine observing stations, tsunami detection buoys,\n              long-term loans to the commercial fishing industry to              and climate monitoring buoys. These systems provide\n              refinance or refurbish fishing vessels that do not add             critical data on oceanic and atmospheric conditions\n              capacity to the fisheries, shoreside processing facilities,        that is used by weather and hurricane forecasters,\n              and aquaculture facilities while reducing overfishing              researchers, climatologists, oceanographers, commer\xc2\xad\n              and revitalizing fisheries. Since 1998, NMFS has                   cial fishermen, and recreational boaters. We are\n              made approximately 200 loans, for a total of nearly                assessing whether the center effectively maintains and\n              $300 million. We will consider the impact that any                 repairs its marine buoys and coastal marine stations\n              management deficiencies we may identify could have                 and whether it distributes adequate and reliable data\n              on NOAA\xe2\x80\x99s ability to rebuild and sustain fisheries.                from these observing platforms to meet the needs of\n\n\n\n\n                                                                            42\n\x0cDOC OIG SAR 11-07.qxd     11/27/07      1:37 PM      Page 43\n\n\n\n\n              September 2007\xe2\x80\x94Semiannual Report to Congress                                             National Oceanic and Atmospheric Administration\n\n\n\n              the data users. We also are reviewing the structure of                         Stifling of Scientists\n              the center\xe2\x80\x99s support services contract for buoy main\xc2\xad\n              tenance and repair and how NOAA manages                                        In response to a request from Congress, we are exam\xc2\xad\n              and oversees that contract, which is worth up to                               ining allegations that the Department and NOAA\n              $500 million over a potential 10-year term.                                    have stifled the release of scientific information by\n                                                                                             thwarting scientists\xe2\x80\x99 access to the media and blocking\n                                                                                             publication of a specific report on global warming.\n                                                                                             We are reviewing policies for media access and public\n                                                                                             release of research data at both the Department and\n                                                                                             NOAA and assessing whether officials at either\n                                                                                             organization deliberately blocked the dissemination\n                                                                                             of a hurricane fact sheet that included a discussion of\n                                                                                             climate change and hurricane intensity. We anticipate\n                                                                                             issuing our report in the coming months.\n\n\n\n\n                                                        Alaska Ocean Observing System\n              This NOAA data buoy, one of five located in Prince William\n              Sound, Alaska, senses and transmits meteorological information for\n              weather forecasting.\n\n\n\n\n                                                                                        43\n\x0cDOC OIG SAR 11-07.qxd   11/27/07   1:37 PM   Page 44\n\n\n\n\n                                                                                       Photo Courtesy USPTO\n                                                       The glass-enclosed atrium of USPTO\xe2\x80\x99s new headquarters.\n\x0cDOC OIG SAR 11-07.qxd     11/27/07   1:37 PM   Page 45\n\n\n\n\n                         UNITED STATES PATENT AND\n\n                            TRADEMARK OFFICE\n\n\n              T    he United States Patent and Trademark Office administers the nations\xe2\x80\x99 patent and trademark laws.\n                   Patents are granted and trademarks registered under a system intended to provide incentives to invent,\n              invest in research, commercialize new technology, and draw attention to inventions that would otherwise go\n              unnoticed. USPTO also collects, assembles, publishes, and disseminates technological information disclosed\n              in patents.\n\n\n\n              C&A Inadequacies Revealed in                                      \xe2\x96\xa0\t   incomplete and questionable rationales were\n                                                                                     used to reduce risk levels of several remaining\n              FISMA Reviews                                                          vulnerabilities.\n\n              To meet our FY 2007 FISMA reporting require\xc2\xad                  We concluded that the authorizing official lacked\n              ments, we evaluated USPTO\xe2\x80\x99s certification and                 sufficient information about the remaining vulnera\xc2\xad\n              accreditation for the Patent Search System\xe2\x80\x94Primary            bilities and their associated risk to make a credible\n              Search and Retrieval, and the Project Performance             risk-based decision on whether to accredit the system.\n              Corporation (PPC) General Support System, which\n              is a contractor system.                                       USPTO concurred with all of our recommendations,\n                                                                            but did not agree with our conclusion. The agency\n                                                                            contended that all controls were properly assessed\n              Patent Search System\xe2\x80\x94Primary                                  and that the evidence for the authorizing official was\n                                                                            sufficient, but noted that more detailed evidence\n              Search and Retrieval                                          would be provided to this official in the future. The\n                                                                            response described improvements that have been\n              Our review of the Patent Search System\xe2\x80\x94Primary                made in IT security in FY 2007.\n              Search and Retrieval revealed\n\n                  \xe2\x96\xa0\t   security controls were not adequately defined\n                       prior to the certification phase;                    PPC General Support System\n\n                  \xe2\x96\xa0\t   certification assessment was incomplete and          Our review of the PPC General Support System\n                       lacked adequate supporting evidence;                 revealed\n\n                  \xe2\x96\xa0\t   the authorizing official did not receive                 \xe2\x96\xa0\t   the system security plan was generally\n\n                       accurate information on the status of secure                  adequate but inaccuracies need to\n\n                       configuration settings; and                                   be addressed;\n\n\n\n                                                                       45\n\x0cDOC OIG SAR 11-07.qxd     11/27/07    1:37 PM    Page 46\n\n\n\n\n              United States Patent and Trademark Office \t                              September 2007\xe2\x80\x94Semiannual Report to Congress\n\n\n\n                  \xe2\x96\xa0\t   secure configuration settings were not defined        USPTO concurred with all of our recommendations,\n                       for most information technology products              but took issue with our conclusion. USPTO stated\n                       and none were assessed;                               that the authorizing official was provided sufficient\n                                                                             documentation to adequately and accurately assess\n                  \xe2\x96\xa0\t   certification assessments did not adequately          the risks associated with granting the authority to\n                       evaluate controls on system components and            operate the contractor system. The response also\n                       assessment evidence was minimal; and                  claimed that contingency planning and testing were\n                                                                             adequate given the criticality of the system. As in its\n                  \xe2\x96\xa0\t   contingency planning and testing did not              response to our assessment of the Patent Search\n                       provide adequate assurance that operations            System\xe2\x80\x94Primary Search and Retrieval, USPTO\n                       can be restored.                                      described improvements that have been made in IT\n                                                                             security in FY 2007. (Office of Systems Evaluation:\n              We concluded the security controls were not ade\xc2\xad               OSE-18841-1 and -2)\n              quately assessed for certification and accreditation\n              and the authorizing official did not have enough\n              information to make a credible, risk-based accredita\xc2\xad\n              tion decision.\n\n\n\n\n                                                                        46\n\x0cDOC OIG SAR 11-07.qxd   11/27/07    1:37 PM    Page 47\n\n\n\n\n                                      DEPARTMENT-WIDE\n\n                                        MANAGEMENT\n\n\n              T    he United States Department of Commerce creates the conditions for economic growth and opportunity\n                   by promoting innovation, entrepreneurship, competitiveness, and stewardship. The Department has three\n              stated strategic goals:\n\n                  Goal 1: Provide the information and tools to maximize U.S. competitiveness. \n\n\n                  Goal 2: Foster science and technological leadership by protecting intellectual property, enhancing technical\n\n                  standards, and advancing measurement science. \n\n\n                  Goal 3: Observe, protect, and manage the Earths\xe2\x80\x99 resources to promote environmental stewardship.\n\n              The Department has also established a Management Integration Goal that is equally important to all bureaus:\n              Achieve organizational and management excellence.\n\n\n\n              Preaward Financial                                              OIG and the Department determined that there are\n                                                                              several categories of recipients for whom the costs\n              Assistance Screening                                            and administrative burden of the screening process\n                                                                              may well outweigh the government\xe2\x80\x99s risk of financial\n              As part of our ongoing emphasis on prevention of                loss. The current policies exempt from review, recipi\xc2\xad\n              fraud, waste, and abuse, we continue to work with the           ents who (1) receive awards in amounts of $100,000\n              Office of Acquisition Management, NOAA and                      or less; (2) have received financial assistance from the\n              NIST grant offices, and EDA program offices to                  Department for 3 or more consecutive years without\n              screen proposed grants and cooperative agreements               any adverse program or audit findings; or (3) are\n              before they are awarded. Our screening serves two               units of a state or local government.\n              functions: it provides information on whether the\n              applicant has unresolved audit findings and recom\xc2\xad              During this semiannual period we screened 182 pro\xc2\xad\n              mendations on earlier awards, and it identifies any             posed awards. For 72 of the awards, we found major\n              negative financial or investigative history on individu\xc2\xad        deficiencies that could affect the ability of the prospec\xc2\xad\n              als or organizations connected with a proposed award.           tive recipients to maintain proper control over federal\n                                                                              funds. On the basis of the information we provided,\n              On January 1, 2004, we implemented new policies                 the Department delayed 35 awards and established\n              and procedures for our preaward screening process.              special award conditions for 37. (Office of Audits)\n\n\n\n\n                                                                         47\n\x0cDOC OIG SAR 11-07.qxd   11/27/07   1:37 PM    Page 48\n\n\n\n\n              Department-wide Management                                                 September 2007\xe2\x80\x94Semiannual Report to Congress\n\n\n\n                                                                             The following table shows a breakdown by bureau\n                                                                             of approximately $429 million in Commerce\n                                                                             funds audited.\n\n\n\n\n              Nonfederal Audit Activities\n              In addition to undergoing OIG-performed audits,\n              certain recipients of Commerce financial assistance\n              are periodically examined by state and local govern\xc2\xad\n              ment auditors and by independent public\n              accountants. OMB Circular A-133, Audits of States,\n              Local Governments, and Non-Profit Organizations, sets\n              forth the audit requirements for most of these audits.         * Includes $45,402,676 in ATP program-specific audits.\n              For-profit organizations that receive Advanced\n              Technology Program funds from NIST are audited\n              in accordance with Government Auditing\n                                                                             We identified a total of $7,028,184 in federal ques\xc2\xad\n              Standards and NIST Program-Specific Audit\n                                                                             tioned costs and $456,405 in funds to be put to\n              Guidelines for ATP Cooperative Agreements, issued\n                                                                             better use. In most reports the subject programs were\n              by the Department.\n                                                                             not considered major programs; thus the audits\n                                                                             involved limited transaction and compliance testing\n              We examined 149 audit reports during this semian\xc2\xad\n                                                                             against laws, regulations, and grant terms and condi\xc2\xad\n              nual period to determine whether they contained any\n                                                                             tions. The 18 reports with Commerce findings are\n              audit findings related to Department programs. For\n                                                                             listed in Appendix B-1. (Regional Offices of Audits)\n              67 of these reports, the Department acts as oversight\n              agency and monitors the audited entity\xe2\x80\x99s compliance\n              with the OMB Circular A-133 or NIST\xe2\x80\x99s program-\n              specific reporting requirements. The other 82 reports\n              are from entities for which other federal agencies have\n              oversight responsibility. We identified 18 with find\xc2\xad\n              ings related to the Department of Commerce.\n\n\n\n\n                                                                        48\n\x0cDOC OIG SAR 11-07.qxd   11/27/07    1:37 PM    Page 49\n\n\n\n\n                 OFFICE OF INSPECTOR GENERAL\n\n\n              T    he mission of the Office of Inspector General is to promote economy, efficiency, and effectiveness and\n                   detect and prevent waste, fraud, abuse, and mismanagement in the programs and operations of the U.S.\n              Department of Commerce. Through its audits, inspections, performance evaluations, and investigations, OIG\n              proposes innovative ideas and constructive solutions that lead to positive changes for the Department. By\n              providing timely, useful, and reliable information and advice to departmental officials, the administration, and\n              Congress, OIG\xe2\x80\x99s work helps improve Commerce management and operations as well as its delivery of services\n              to the public.\n\n\n\n\n              Office of Investigations                                         Court for the Northern District of Georgia to 30\n                                                                               months\xe2\x80\x99 imprisonment followed by 3 years of super\xc2\xad\n                                                                               vised release, and ordered to pay a $5,000 fine and\n              During this semiannual period, the Office of\n                                                                               restitution in the amount of $37,388.20. (Atlanta\n              Investigations continued to pursue allegations of\n                                                                               Field Office)\n              fraud, waste, and abuse affecting Commerce pro\xc2\xad\n              grams and operations, and other cases of corruption\n              and fraud that negatively impacted the Department,\n              the federal government, or U.S. taxpayers. The inves\xc2\xad            NOAA Employee Pleads Guilty to Credit\n              tigations highlighted below are representative of our            Card Theft\n              accomplishments during the past 6 months.\n                                                                               On August 15, 2007, a former NOAA employee\n                                                                               pleaded guilty to theft of government property for\n                                                                               charging close to $4,000 in personal purchases to a\n              Jury Finds Former Census Employee                                government credit card. An OIG investigation found\n              Guilty of Workers\xe2\x80\x99 Compensation Fraud                            that over a 3-week period in December 2006,\n                                                                               15 transactions totaling $3,938.30 were made on the\n              In April 2007, a former Census field representative was          employee\xe2\x80\x99s government purchase card for items such\n              convicted of four counts of making false statements to           as cigarettes, beer, gift cards, CDs, video games, and\n              collect benefits for work-related injuries sustained in a        a television. All the purchases occurred at vendors\n              1994 automobile accident, after an OIG investigation             located near his residence or near his work site in\n              revealed she had failed to report more than $40,000 in           Pascagoula, Mississippi, and several of the transac\xc2\xad\n              earnings from a dog kennel business on annual certifi\xc2\xad           tions were captured on store surveillance tapes. The\n              cations submitted to the Department of Labor\xe2\x80\x99s Office            defendant is scheduled for sentencing in U.S. District\n              of Workers\xe2\x80\x99 Compensation Programs. On July 12,                   Court for the Southern District of Mississippi in\n              2007, the defendant was sentenced in U.S. District               November 2007. (Denver Resident Office)\n\n\n\n\n                                                                          49\n\x0cDOC OIG SAR 11-07.qxd    11/27/07     1:37 PM   Page 50\n\n\n\n\n              Office of Inspector General                                              September 2007\xe2\x80\x94Semiannual Report to Congress\n\n\n\n\n              Former BIS Investigator Indicted for\n              Misuse of Law Enforcement Database\n              A former criminal investigator in the Office of\n              Export Enforcement was indicted on September 19,\n              2007, in the Northern District of California on one\n              count of unlawfully obtaining information from a\n              government computer and one count of making false\n              statements after an OIG investigation established\n              he had accessed the Treasury Enforcement and\n              Communication System (TECS) 163 times over a\n              2-month period in order to track the whereabouts of\n              a former girlfriend. TECS is a secure, password-pro\xc2\xad\n              tected system designed to identify individuals\n              suspected of or involved in violations of federal law,\n              and permit direct communications between Treasury\n              law enforcement offices and other federal, state, and\n              local law enforcement agencies. The former special\n              agent also used the database to track the movements\n              of members of the woman\xe2\x80\x99s family, and made harass\xc2\xad\n              ing and life-threatening remarks to her, threatening\n              to have her deported. When questioned by OIG\n              investigators and his supervisors, he lied about the\n              number of times he had accessed the investigative\n              database for personal reasons. The defendant was\n              scheduled for arraignment in October 2007. (Atlanta           Arrests and Convictions Continue in\n              Field Office)                                                 International Telemarketing Fraud Case\n                                                                            For the past 4 years, we have been investigating a\n              ATP Award Recipient Indicted and                              major telemarketing fraud scheme based in Costa\n                                                                            Rica that was perpetrated by callers identifying\n              Assets Seized\n                                                                            themselves as employees of the Commerce\n                                                                            Department and other federal agencies, who told\n              On June 13, 2007, the recipient of a $2 million\n                                                                            victims they had won huge cash prizes in a national\n              Advanced Technology Program award was indicted\n                                                                            lottery. In order to secure their winnings, victims\n              for program fraud in the Southern District of New\n                                                                            were instructed to use commercial wire transfer serv\xc2\xad\n              York, based on the results of an OIG investigation\n                                                                            ices to send payments of $1,500 to $4,500 to Costa\n              that found nearly $400,000 in project funds had\n                                                                            Rica. The investigation is an integral part of the\n              been diverted to the defendant\xe2\x80\x99s personal use. On\n                                                                            Department of Justice\xe2\x80\x99s Operation Global Con, a\n              June 25, 2007, a superseding indictment was filed,\n                                                                            massive international fraud investigation involving\n              adding an asset forfeiture clause seeking $390,000\n                                                                            nearly 3 million victims and more than $1 billion\n              and the apartment the defendant used as both a resi\xc2\xad\n                                                                            dollars in fraud worldwide.\n              dence and a place of business. OIG agents served a\n              seizure warrant the following day and recovered an\n                                                                            Since its inception, our investigation has resulted in a\n              estimated $300,000 worth of computers and associ\xc2\xad\n                                                                            total of 32 arrests and 20 convictions of participants\n              ated electronic equipment allegedly purchased with\n                                                                            in the scheme, as well as a payment of nearly\n              federal funds. A trial date has not yet been set.\n                                                                            $1.4 million in restitution from one defendant. (See\n              (Atlanta Field Office)\n                                                                            March 2007 Semiannual Report, page 61.) During\n                                                                            this semiannual period, eight defendants were con\xc2\xad\n\n\n                                                                       50\n\x0cDOC OIG SAR 11-07.qxd   11/27/07     1:37 PM    Page 51\n\n\n\n\n              September 2007\xe2\x80\x94Semiannual Report to Congress                                                      Office of Inspector General\n\n\n\n              victed on conspiracy and wire fraud charges in the                 Over $1,500 in Transit Benefits Recovered\n              Western District of North Carolina. They all face                  from Former ITA Employee\n              prison terms ranging from 5 to 20 years. In addition,\n              eight more participants were arrested, and two                     As part of the joint investigation with GAO, an\n              U.S. citizens were extradited from Costa Rica.                     undercover operation was conducted and Metrocheks\n              (Atlanta Field Office)                                             worth $210 were purchased for $190 from an ITA\n                                                                                 employee on her last day of work at the agency.\n                                                                                 Although the case was declined for criminal prosecu\xc2\xad\n              Joint Investigation with GAO Uncovers                              tion, administrative action was initiated to recoup the\n              Violations of Federal Transit Benefits                             benefits she had fraudulently obtained and the for\xc2\xad\n                                                                                 mer employee \xe2\x80\x93 who admitted selling Metrocheks on\n              Program by Commerce Employees                                      multiple occasions \xe2\x80\x93 was compelled to reimburse the\n                                                                                 government $1,577 from her lump sum annual leave\n              The federal transit benefits program provides transit              payment. (Washington Field Office)\n              benefits (e.g., Metrocheks) to government employees\n              to encourage the use of public transportation for\n                                                                                 USPTO Employee Sold Metrocheks on eBay\n              commuting. Under the program currently in place at\n              Commerce, employees may receive subsidies of up to\n                                                                                 Our joint investigation also revealed that a USPTO\n              $110 a month to cover their actual transportation\n                                                                                 employee had sold more than $400 worth of federal\xc2\xad\n              costs. Based on reports of program abuses at various\n                                                                                 ly subsidized Metrocheks on eBay during a 2-week\n              federal agencies, the Government Accountability\n                                                                                 period in August 2006. The employee admitted mak\xc2\xad\n              Office was asked to investigate allegations that feder\xc2\xad\n                                                                                 ing the sales, but claimed he was unaware that his\n              al employees in the National Capital region were\n                                                                                 actions were prohibited. He agreed to make full resti\xc2\xad\n              engaging in fraud related to the transit program.\n                                                                                 tution to the agency and subsequently resigned his\n              GAO teamed with a number of OIG organizations,\n                                                                                 position at USPTO. (Washington Field Office)\n              including our office, to pursue these charges. Our\n              investigative work is ongoing, but we have already\n              identified several Commerce employees involved in\n              abuse of the program.                                              OIG Computer Crimes Unit Aids State\n                                                                                 Law Enforcement Efforts\n              Senior Official with Parking Space Collected\n              More Than $1,200 in Metrocheks                                     In addition to pursuing investigations into IT securi\xc2\xad\n                                                                                 ty breaches and criminal misuse of government\n              OIG investigators determined that a senior official                computers at the Department, the Office of\n              received $1,260 in transit benefits over a 10-month                Investigation\xe2\x80\x99s Computer Crimes Unit regularly lends\n              period, although he had been assigned and regularly                its technical expertise to fellow state and federal law\n              used a parking space at the Commerce headquarters                  enforcement agencies, providing forensic media\n              building during that time. In order to receive the peri\xc2\xad           analysis and support in connection with ongoing\n              odic subsidy, an employee must complete a preprinted               investigations and other matters relating to\n              certification form containing an explicit representation           Commerce employees and operations. During this\n              that he or she has not been assigned a parking permit              semiannual period, the unit was again called upon to\n              by a federal agency. Despite that condition, the official          provide such services in a variety of contexts.\n              signed the certification on at least five occasions to col\xc2\xad\n              lect transit benefits. Prior to the conclusion of our              In June 2007, the Fairfax County, Virginia, police\n              investigation, he reimbursed the Department for the                requested OIG assistance to seize and examine gov\xc2\xad\n              full cost of the Metrocheks he received. At the close of           ernment computer equipment assigned to a Census\n              this semiannual period, additional administrative                  Bureau employee who had been arrested on a state\n              action was pending. (Washington Field Office)                      homicide charge. OIG forensic analysis of the com\xc2\xad\n\n\n\n\n                                                                            51\n\x0cDOC OIG SAR 11-07.qxd    11/27/07     1:37 PM   Page 52\n\n\n\n\n              Office of Inspector General                                    September 2007\xe2\x80\x94Semiannual Report to Congress\n\n\n\n              puters yielded valuable information for the police\n              investigation, which is still in progress.\n\n              As a member of the Maryland Internet Crimes\n              Against Children Task Force, in August 2007 the unit\n              provided assistance to the St. Mary\xe2\x80\x99s County Sheriff \xe2\x80\x99s\n              Office by analyzing a computer seized during the\n              course of a child pornography investigation. Our\n              forensic analysis revealed the presence of suspected\n              pornographic material, including digital images of\n              children from the suspect\xe2\x80\x99s household, and the evi\xc2\xad\n              dence was forwarded to the local authorities for use\n              in their case. (Computer Crimes Unit)\n\n\n\n\n              Other OIG Activities\n              Testimony Before House Committee on\n              Natural Resources\n              During this semiannual period, OIG\xe2\x80\x99s assistant\n              inspector general for auditing appeared before the\n              House Committee on Natural Resources to recap our\n              2005 review of NOAA\xe2\x80\x99s consultation process. Section\n              7 of the Endangered Species Act requires federal\n              agencies to consult with NOAA about any activity\n              they plan to undertake that may affect listed species.\n              Our review looked at NOAA\xe2\x80\x99s process for rendering a\n              biological opinion on the impacts of a California\n              water project on endangered fish. We found that the\n              agency deviated from its normal quality control prac\xc2\xad\n              tices in developing the opinion and was criticized as\n              having acted arbitrarily or inappropriately (see\n              September 2005 Semiannual Report, page 21). The\n              committee requested testimony on our work as part\n              of its consideration of claims that modifications to a\n              different water management project, operating in the\n              Klamath River Basin, caused as many as 80,000\n              salmon to die.\n\n\n\n\n                                                                        52\n\x0cDOC OIG SAR 11-07.qxd   11/27/07    1:37 PM    Page 53\n\n\n\n\n              September 2007\xe2\x80\x94Semiannual Report to Congress                                                    Office of Inspector General\n\n\n\n\n              TABLES AND STATISTICS\n              Statistical Overview\n\n\n\n\n              Table 1. Investigative Statistical Highlights for this Period\n\n\n\n\n              Audit Resolution and Follow-Up\n              The Inspector General Act Amendments of 1988                    Department Administrative Order 213-5, Audit\n              require us to present in this report those audits issued        Resolution and Follow-up, provides procedures for\n              before the beginning of the reporting period (April 1,          management to request a modification to an approved\n              2007) for which no management decision had been                 audit action plan or for a financial assistance recipient\n              made by the end of the period (September 30, 2007).             to appeal an audit resolution determination. The fol-\n              Six audit reports remain unresolved for this reporting          lowing table summarizes modification and appeal\n              period (see page 60).                                           activity during the reporting period.\n\n\n\n\n                                                                         53\n\x0cDOC OIG SAR 11-07.qxd     11/27/07       1:37 PM      Page 54\n\n\n\n\n              Office of Inspector General\t                                                           September 2007\xe2\x80\x94Semiannual Report to Congress\n\n\n\n\n              Table 2. Audit Resolution Follow-up\n\n\n\n\n              Table 3. Audit and Inspection Statistical Highlights for this Period\n\n\n\n\n              * This number includes costs by state and local government auditors or independent public accountants.\n\n\n\n              Table 4. Audits with Questioned Costs\n\n\n\n\n              NOTES:\n              1\t\n                 Four audit reports included in this table are also included among reports with recommendations that funds be put to better use\n                 (see Table 5). However, the dollar amounts do not overlap.\n              2\t\n                 In Category C, lines i and ii do not always equal the total line C because resolution may result in values greater than the\n                 original recommendations.\n\n\n\n\n                                                                                   54\n\x0cDOC OIG SAR 11-07.qxd     11/27/07       1:37 PM      Page 55\n\n\n\n\n              September 2007\xe2\x80\x94Semiannual Report to Congress\t                                                                   Office of Inspector General\n\n\n\n\n              Table 5. Audits with Recommendations that Funds Be Put to Better Use\n\n\n\n\n              NOTES:\n              1\t\n                 Four audit reports included in this table are also included among reports with recommendations that funds be put to better use\n                 (see Table 4). However, the dollar amounts do not overlap.\n              2\n                 In Category C, lines i and ii do not always equal the total line C because resolution may result in values greater than the\n                 original recommendations.\n\n\n\n              Definitions of Terms Used                                                 Recommendation that funds be put to better use:\n                                                                                        an OIG recommendation that funds could be used\n              in the Tables                                                             more efficiently if Commerce management took\n                                                                                        action to implement and complete the recommenda\xc2\xad\n              Questioned cost: a cost questioned by OIG because                         tion, including (1) reductions in outlays;\n              of (1) an alleged violation of a provision of a law,                      (2) deobligation of funds from programs or opera\xc2\xad\n              regulation, contract, grant, cooperative agreement,                       tions; (3) withdrawal of interest subsidy costs on\n              or other agreement or document governing the                              loans or loan guarantees, insurance, or bonds;\n              expenditure of funds; (2) a finding that, at the time                     (4) costs not incurred by implementing recommend\xc2\xad\n              of the audit, such cost is not supported by adequate                      ed improvements related to Commerce, a contractor,\n              documentation; or (3) a finding that an expenditure                       or a grantee; (5) avoidance of unnecessary expendi\xc2\xad\n              of funds for the intended purpose is unnecessary                          tures identified in preaward reviews of contracts\n              or unreasonable.                                                          or grant agreements; or (6) any other savings\n                                                                                        specifically identified.\n              Unsupported cost: a cost that, at the time of the\n              audit, is not supported by adequate documentation.                        Management decision: management\xe2\x80\x99s evaluation of\n              Questioned costs include unsupported costs.                               the findings and recommendations included in the\n                                                                                        audit report and the issuance of a final decision by\n                                                                                        management concerning its response.\n\n\n\n\n                                                                                   55\n\x0cDOC OIG SAR 11-07.qxd    11/27/07     1:37 PM   Page 56\n\n\n\n\n              Office of Inspector General                      September 2007\xe2\x80\x94Semiannual Report to Congress\n\n\n\n\n              Appendix A. Report Types This Period\n\n\n\n\n              Appendix A-1. Performance Audits\n\n\n\n\n              Appendix A-2. Financial Assistance Audits\n\n\n\n\n                                                          56\n\x0cDOC OIG SAR 11-07.qxd   11/27/07   1:37 PM    Page 57\n\n\n\n\n              September 2007\xe2\x80\x94Semiannual Report to Congress         Office of Inspector General\n\n\n\n\n              Appendix A-3. Inspections and Evaluations\n\n\n\n\n                                                             57\n\n\x0cDOC OIG SAR 11-07.qxd     11/27/07      1:37 PM     Page 58\n\n\n\n\n              Office of Inspector General                          September 2007\xe2\x80\x94Semiannual Report to Congress\n\n\n\n\n              Appendix B. Processed Audit Reports\n\n\n\n\n              * Includes 29 ATP program-specific audits.\n\n\n\n\n                                                              58\n\x0cDOC OIG SAR 11-07.qxd     11/27/07      1:37 PM   Page 59\n\n\n\n\n              September 2007\xe2\x80\x94Semiannual Report to Congress          Office of Inspector General\n\n\n\n\n              Appendix B-1. Processed Reports with Audit Findings\n\n\n\n\n              * Counted as one audit report\n\n\n\n                                                             59\n\x0cDOC OIG SAR 11-07.qxd    11/27/07     1:37 PM   Page 60\n\n\n\n\n              Office of Inspector General                                              September 2007\xe2\x80\x94Semiannual Report to Congress\n\n\n\n\n              Audits Unresolved for More                                    performed in accordance with specifications of the\n                                                                            task order. We found that the firm failed to comply\n              Than 6 Months                                                 with numerous contract and federal requirements,\n                                                                            which caused us to question more than $10.7 million\n              Census Bureau                                                 in direct labor and other reimbursable costs.\n\n              ITS Services, Inc. In March 2005, we reported that            We have suspended audit resolution on both of these\n              3 of the 32 task orders awarded under an IT services          contract audits pursuant to an agreement with Census.\n              contract were audited to determine whether the costs\n              billed by the firm were reasonable, allowable, and\n              allocable under contract terms and conditions and             NIST\n              federal regulations. We found that the firm had failed\n              to comply with numerous contract and federal                  Computer Aided Surgery Inc., New York. An OIG\n              requirements, and questioned more than $8.5 mil\xc2\xad              audit of this NIST cooperative agreement (see\n              lion in direct labor and reimbursable costs.                  September 2004 issue, page 35, and March 2005\n                                                                            issue, page 33\xe2\x80\x94ATL-16095) questioned costs total\xc2\xad\n              Computer & High Tech Management, Inc. We                      ing $547,426 in inappropriately charged rent,\n              reported in our September 2005 Semiannual Report              utilities, and certain salary, fringe benefit, and other\n              (page 14) the results of audits of 2 of the 21 task           expenses because these costs were unallowable, in\n              orders for another firm providing IT services to              excess of budgetary limits, or incorrectly categorized.\n              Census. We sought to determine whether the firm had           This audit remains unresolved because we requested\n              complied with contract terms and conditions and fed\xc2\xad          that NIST postpone its submission of an audit reso\xc2\xad\n              eral regulations and had billed Census for work               lution proposal.\n\n\n\n              REPORTING REQUIREMENTS\n              The Inspector General Act of 1978, as amended, specifies reporting requirements for semiannual reports. The\n              requirements are listed below and indexed to the applicable pages of this report.\n\n\n\n\n                                                                       60\n\x0cDOC OIG SAR 11-07.qxd   11/27/07    1:37 PM    Page 61\n\n\n\n\n              September 2007\xe2\x80\x94Semiannual Report to Congress                                                   Office of Inspector General\n\n\n\n\n              Section 4(a)(2): Review of Legislation                          Section 5(a)(10): Prior Audit Reports\n              and Regulations                                                 Unresolved\n              This section requires the inspector general of each             This section requires a summary of each audit report\n              agency to review existing and proposed legislation              issued before the beginning of the reporting period\n              and regulations relating to that agency\xe2\x80\x99s programs              for which no management decision has been made by\n              and operations. Based on this review, the inspector             the end of the reporting period (including the date\n              general is required to make recommendations in the              and title of each such report), an explanation of why\n              semiannual report concerning the impact of such leg\xc2\xad            a decision has not been made, and a statement con\xc2\xad\n              islation or regulations on the economy and efficiency           cerning the desired timetable for delivering a decision\n              of the management of programs and operations                    on each such report. There were one NIST and five\n              administered or financed by the agency or on the pre\xc2\xad           Census reports more than 6 months old.\n              vention and detection of fraud and abuse in those\n              programs and operations. Comments concerning leg\xc2\xad\n              islative and regulatory initiatives affecting Commerce          Section 5(a)(11): Significant Revised\n              programs are discussed, as appropriate, in relevant\n              sections of the report.\n                                                                              Management Decisions\n                                                                              This section requires an explanation of the reasons\n              Section 5(a)(3): Prior Significant                              for any significant revision to a management decision\n                                                                              made during the reporting period. Department\n              Recommendations Unimplemented                                   Administrative Order 213-5, Audit Resolution and\n                                                                              Follow-up, provides procedures for revising a man\xc2\xad\n              This section requires identification of each significant        agement decision. For performance audits, OIG\n              recommendation described in previous semiannual                 must be consulted and must approve in advance any\n              reports for which corrective action has not been com\xc2\xad           modification to an audit action plan. For financial\n              pleted. Section 5(b) requires that the Secretary                assistance audits, OIG must concur with any decision\n              transmit to Congress statistical tables showing the             that would change the audit resolution proposal in\n              number and value of audit reports for which no final            response to an appeal by the recipient. The decisions\n              action has been taken, plus an explanation of the rea\xc2\xad          issued on the four appeals of audit-related debts were\n              sons why recommended action has not occurred,                   finalized with the full participation and concurrence\n              except when the management decision was made                    of OIG.\n              within the preceding year.\n\n              To include a list of all significant unimplemented rec\xc2\xad\n              ommendations in this report would be duplicative.\n                                                                              Section 5(a)(12): Significant\n              Information on the status of any audit recommenda\xc2\xad              Management Decisions with Which\n              tions can be obtained through OIG\xe2\x80\x99s Office of Audits.           OIG Disagreed\n                                                                              This section requires information concerning any\n              Sections 5(a)(5) and 6(b)(2): Information                       significant management decision with which\n              or Assistance Refused                                           the inspector general disagrees. Department\n                                                                              Administrative Order 213-5 provides procedures for\n              These sections require a summary of each report to              elevating unresolved audit recommendations to high\xc2\xad\n              the Secretary when access, information, or assistance           er levels of Department and OIG management,\n              has been unreasonably refused or not provided. There            including their consideration by an Audit Resolution\n              were no instances during this semiannual period and             Council. During this period no audit issues were\n              no reports to the Secretary.                                    referred to the council.\n\n\n\n\n                                                                         61\n\x0cDOC OIG SAR 11-07.qxd   11/27/07    1:37 PM    Page 62\n\n\n\n\n                 TYPES OF OIG WORK PRODUCTS\n\n              The various kinds of audits, evaluations, inspections, and investigations at our disposal enable the IG's office\n              to assess Commerce programs and operations from a range of perspectives, and allow us to provide program\n              managers with reviews and recommendations that are either narrowly focused or comprehensive, as needed, to\n              aid them in ensuring the most efficient and effective use of taxpayer dollars.\n\n\n              AUDITS                                                           INSPECTIONS\n              Performance Audits address the efficiency, effective\xc2\xad            Inspections are reviews of an activity, unit, or office,\n              ness, and economy of the Department's programs,                  or a contractor or other nonfederal entity that\n              activities, and information technology systems. They             receives funds from the Department. They focus on\n              may check a unit's compliance with laws and regula\xc2\xad              an organization, not a whole program, and are often\n              tions, and evaluate its success in achieving program             designed to give agency managers timely and useful\n              objectives. They may also involve reviewing the                  information about operations, including current and\n              Department's financial assistance awards by assessing            foreseeable problems.\n              an award recipient\xe2\x80\x99s compliance with laws, regula\xc2\xad\n              tions, and award terms; allowance of costs; and the\n              degree to which projects achieved intended results.\n                                                                               EVALUATIONS\n              Financial Audits determine whether (1) a reporting\n              entity's financial statements are presented fairly and           Program Evaluations review specific management\n              in accordance with generally accepted accounting                 issues, policies, or programs.\n              principles; (2) the entity has an internal control struc\xc2\xad\n              ture that provides reasonable assurance of achieving             Systems Evaluations review system development,\n              the control objectives set forth by OMB; and (3) the             acquisitions, operations, and policy, focusing on\n              entity complied with laws and regulations that could             computer systems and other technologies.\n              have a direct and material effect on the financial\n              statements, the Federal Financial Management\n              Improvement Act, and other laws and regulations.\n                                                                               INVESTIGATIONS\n              Attestation Engagements involve examining,\n              reviewing, or performing agreed-upon procedures on               Investigations are conducted based on alleged or sus\xc2\xad\n              a subject matter or an assertion about a subject mat\xc2\xad            pected wrongdoing by Department employees,\n              ter and reporting the results. Attestation engagements           contractors, recipients of financial assistance, and\n              can have a broad range of financial or nonfinancial              others responsible for handling federal resources.\n              focuses, such as an entity\xe2\x80\x99s compliance with laws and            Investigations that expose violations of Department\n              regulations; management\xe2\x80\x99s discussion and analysis                rules and regulations or acts of fraud committed\n              presentations; and allowability and reasonableness of            against the U.S. government can result in administra\xc2\xad\n              final grant and contract costs.                                  tive sanctions and/or criminal or civil prosecution.\n\n\n\n\n                                                                          62\n\x0c\x0c\x0c"